H3C S3600 User Manual

H3C S3600 Series Ethernet Switches

Operation Manual

Hangzhou H3C Technologies Co., Ltd.

http://www.h3c.com

Manual Version: 20100510-C-1.01

Product Version: Release 1702

Copyright © 2007-2010, Hangzhou H3C Technologies Co., Ltd. and its licensors

All Rights Reserved

No part of this manual may be reproduced or transmitted in any form or by any means without prior written consent of Hangzhou H3C Technologies Co., Ltd.

Trademarks

H3C, , Aolynk, , H3Care, , TOP G, , IRF, NetPilot, Neocean, NeoVTL, SecPro, SecPoint, SecEngine, SecPath, Comware, Secware, Storware, NQA, VVG, V2G, VnG, PSPT, XGbus, N-Bus, TiGem, InnoVision and HUASAN are trademarks of Hangzhou H3C Technologies Co., Ltd.

All other trademarks that may be mentioned in this manual are the property of their respective owners.

Notice

The information in this document is subject to change without notice. Every effort has been made in the preparation of this document to ensure accuracy of the contents, but all statements, information, and recommendations in this document do not constitute the warranty of any kind, express or implied.

Technical Support

customer_service@h3c.com

http://www.h3c.com

Table of Contents

1About This Document ·······························································································································1-1

Audience ·················································································································································1-1 Part Organization ····································································································································1-1 New Features··········································································································································1-4 Conventions ············································································································································1-6 Command conventions····················································································································1-6 GUI conventions······························································································································1-6 Symbols···········································································································································1-6

2H3C S3600 Series Documentation Guide································································································2-1

Obtaining the Documentation ·················································································································2-1 CD-ROM··········································································································································2-1 H3C Website ···································································································································2-1 Software Release Notes··················································································································2-1 Related Documentation ··························································································································2-1 Finding Documents at the H3C Website·································································································2-2 Documentation Feedback ·······················································································································2-2

3Product Overview ······································································································································3-1

Product Overview····································································································································3-1 Network Scenarios··································································································································3-2 Broadband Ethernet Access for Residential Communities ·····························································3-2 Branch or Smallto Medium-Sized Enterprise Networks································································3-2 Large Enterprise and Campus Networks ························································································3-3

1

1 About This Document

The H3C S3600 Series Ethernet Switches Operation Manual, Release 1702 describes the software features available in the S3600 series software release 1702, and guides you through the software feature configuration procedures.

Audience

This document is for administrators who are configuring and maintaining the S3600 series switches.

Part Organization

Table 1-1 presents the part organization of this document:

Table 1-1 Part organization

	Part		Contents
	1 CLI	z	Introduction to CLI
		z	CLI Configuration
		z Logging In Through the Console Port
		z Logging In Through Telnet or SSH
		z Logging In Using a Modem
	2 Login	z	Logging In Through Web or NMS
		z Configuring Source IP Address for Telnet Service Packets
		z Controlling Login Users by Using ACL
		z	Switching User Level
		z Introduction to Configuration File
	3 Configuration File	z	Saving the Current Configuration
	Management	z	Erasing the Startup Configuration File
		z Specifying a Configuration File for Next Startup
		z	Basic VLAN Configuration
	4 VLAN	z	Configuring Port-Based VLAN
		z Configuring Protocol-Based VLAN
		z Configuring an IP address for a Switch
	5 IP Address and	z Configuring the TCP Attributes for a Switch
		z	Enabling Reception of Directed Broadcasts to a Directly Connected Network
	Performance
		z	Disabling the Switch from Sending ICMP Error Messages
		z Canceling the System-Defined ACLs for ICMP Attack Guard
	6 Voice VLAN	z	Voice VLAN Overview
		z	Voice VLAN Configuration
	7 GVRP	z	Introduction to GVRP
		z	GVRP Configuration
		z Configuring Speed Options for Auto Negotiation on a Port
		z Configuring Flow Control on a Port
		z Duplicating the Configuration of a Port to Other Ports
	8 Port Basic	z	Enabling Loopback Test
		z	Enabling Giant-Frame Statistics Function
	Configuration
		z	Limiting Traffic on a Port
		z Setting Broadcast Storm Suppression Globally
		z Configuring Loopback Detection on a Port
		z Enabling Cable Test on a Port

1-1

	Part			Contents
			z Configuring a Manual Aggregation Group
	9 Link Aggregation		z	Configuring a Static LACP Aggregation Group
			z Configuring a Dynamic LACP Aggregation Group
	10 Port Isolation		Configuring Port Isolation Group
			z Setting the Maximum Number of Secure MAC Addresses Allowed on a Port
			z Setting the Port Security Mode
	11 Port Security-Port		z Configuring Port Security Features
			z	Configuring Guest VLAN for a Port in macAddressOrUserLoginSecure mode
	Binding
			z	Ignoring the Authorization Information from the RADIUS Server
			z Configuring Secure MAC Addresses
			z Configuring MAC-IP-Port Binding
	12 DLDP		Device link detection protocol (DLDP)
			z Introduction to MAC Address Table
			z Configuring a MAC Address Entry
	13 MAC Address Table		z	Setting the MAC Address Aging Timer
	Management		z	Setting the Maximum Number of MAC Addresses a Port Can Learn
			z Enabling Destination MAC Address Triggered Update
			z Assigning MAC Addresses for Ethernet Ports
			z Auto Detect Basic Configuration
	14 Auto Detect		z Auto Detect Implementation in Static Routing
			z	Auto Detect Implementation in VRRP
			z Auto Detect Implementation in VLAN Interface Backup
			z STP/RSTP/MSTP Overview and Basic Configuration
			z	Performing mCheck Operation
			z Guard Functions: BPDU Guard, Root Guard, Loop Guard, TC-BPDU Attack
				Guard, and BPDU Drop
	15 MSTP		z	Digest Snooping
			z	Rapid Transition
			z VLAN-VPN Tunnel
			z	MSTP Maintenance Configuration
			z Sending Trap Messages Conforming to 802.1d Standard
			z	Static Route
			z Routing Information Protocol (RIP) v1/v2
	16 Routing Protocols.		z	Open Shortest Path First (OSPF) (available only on the S3600-EI series)
			z	Routing Policy
			z Route Capacity Limiting (available only on the S3600-EI series)
			z	Multicast Overview
			z Configuring the Common Multicast Functions
			z Internet Group Management Protocol (IGMP) (available only on the S3600-EI
	17 Multicast			series)
			z	Protocol Independent Multicast (PIM) (available only on the S3600-EI series)
			z Multicast Source Discovery Protocol (MSDP) (available only on the S3600-EI
				series)
			z Internet Group Management Protocol Snooping (IGMP Snooping)
			z	802.1X Authentication
	18 802.1X and System		z	Guest VLAN
			z	Quick EAD Deployment
	Guard
			z	Huawei Authentication Bypass Protocol (HABP)
			z	System Guard
			z Authentication, Authorization, and Accounting (AAA)
	19 AAA		z Remote Authentication Dial-In User Service (RADIUS)
			z	Huawei Terminal Access Controller Access Control System (HWTACACS)
			z Endpoint Admission Defense (EAD)
			z	Web Authentication Configuration
	20 Web Authentication		z	Configuring HTTPS Access for Web Authentication
			z Customizing Web Authentication Pages
				1-2

	Part			Contents
	21 MAC Address		z	Basic MAC Address Authentication
	Authentication		z	Enhanced MAC Address Authentication
	22-VRRP		z Virtual Router Redundancy Protocol (VRRP) Basic Configuration
			z	VRRP Tracking
			z	ARP
			z	Gratuitous ARP
	23 ARP		z	ARP Attack Detection
			z	Proxy ARP
			z	Resilient ARP
			z	MFF
			z DHCP Server (available only on the S3600-EI series)
			z	DHCP Relay Agent
	24 DHCP		z	DHCP Snooping
			z DHCP Packet Rate Limit
			z	DHCP/BOOTP Client
			z	Basic ACLs
			z	Advanced ACLs
			z	Layer 2 ACLs
	25 ACL		z	User-Defined ACLs
			z IPv6 ACLs (available only on the S3600-SI series)
			z Applying ACLs to Ports
			z Applying ACLs to VLANs
	26 QoS-QoS Profile		z Quality of Service (QoS)
			z	QoS Profile
	27-Web Cache		Web Cache Redirection (available only on the S3600-EI series)
	Redirection
			z	Traffic Mirroring
	28 Mirroring		z	Local Port Mirroring
			z Remote Port Mirroring (available only on the S3600-EI series)
			z	IRF Fabric
	29-IRF Fabric		z Specifying the Fabric Port of a Switch
			z	IRF Fabric Detection
			z	IRF Automatic Fabric
			z Huawei Group Management Protocol (HGMP) v2
			z Neighbor Discovery Protocol (NDP)
	30 Cluster		z	Neighbor Topology Discovery Protocol (NTDP)
			z	Enhanced Cluster Features
			z	Cluster Synchronization Functions
	31-PoE-PoE Profile		z	PoE Configuration
			z	PoE Profile Configuration
	32-UDP Helper		z Introduction to UDP Helper
			z	Configuring UDP Helper
			z Simple Network Management Protocol (SNMP) v1, v2, v3
	33 SNMP-RMON		z	Configuring Trap-Related Functions
			z	Remote Monitoring (RMON)
			z	Introduction to NTP
			z Configuring NTP Implementation Modes
	34 NTP		z	Configuring Access Control Right
			z	Configuring NTP Authentication
			z Configuring Optional NTP Parameters
			z	SSH Overview
	35 SSH		z	Configuring the SSH Server
			z Configuring the SSH Client
	36 File System		z	File System Configuration
	Management		z	File Attribute Configuration
				1-3

	Part			Contents
	37 FTP-SFTP-TFTP		z FTP and SFTP Configuration
			z	TFTP Configuration
	38 Information Center		z	Information Center Overview
			z	Information Center Configuration
			z Boot ROM and Host Software Loading
	39 System Maintenance		z Basic System Configuration and Debugging
			z	Network Connectivity Test
	and Debugging		z	Device Management
			z	Scheduled Task Configuration
			z	VLAN VPN (QinQ)
			z Enabling Transparent IGMP Message Transmission on a VLAN-VPN Port
	40 VLAN-VPN		z Configuring the Inner-to-Outer Tag Priority Replication
			z	Configuring TPID Value
			z	Selective QinQ
			z	BPDU Tunnel
	41 HWPing		z HWPing Server/HWPing Client Configuration
			z	Nine test types, including ICMP test, DHCP test, FTP test, HTTP test, DNS test,
				SNMP test, jitter test, TCP test, and UDP test
			z	IPv6 Management
	42 IPv6 Management		z	Static IPv6 Route
			z	IPv6 DNS
			z	IPv6 Application Configuration
	43 DNS	IPv4 Domain Name System (DNS)
	44 Smart Link-Monitor		z	Smart Link
	Link		z	Monitor Link
	45 Access Management		z	Access Management Overview
			z	Configuring Access Management
			z Basic Link Layer Discovery Protocol (LLDP) configuration
	46 LLDP		z	CDP Compatibility
			z	LLDP Trapping
			z Submitting a PKI Certificate Request in Auto Mode or in Manual Mode
	47 PKI		z	Verifying, Retrieving, and Deleting a PKI Certificate
			z Configuring an Access Control Policy
	48 SSL		z Configuring an SSL Server Policy
			z	Configuring an SSL Client Policy
			z	HTTPS Service
	49 HTTPS		z Associating the HTTPS Service with an SSL Server Policy
			z	Associating the HTTPS Service with a Certificate Attribute Access Control Policy
			z Associating the HTTPS Service with an ACL

New Features

H3C S3600 Series Ethernet Switches Operation Manual-Release 1702 and H3C S3600 Series Ethernet Switches Command Manual-Release 1702 are for software release 1702.

See Table 1-2 for new features introduced in release 1702.

Table 1-2 New features in release 1702

New features	Reference
Command alias configuration	01-CLI

1-4

	Canceling the system-defined ACLs for ICMP attack guard	05-IP Address and
		Performance
	Configuring QoS priority settings for voice traffic on an interface	06-Voice VLAN
	Configuring flow control on Ethernet ports
	Configuring loopback port auto-shutdown and loopback detection on Ethernet
	ports in bulk	08-Port Basic Configuration
	Configuring storm suppression thresholds in kbps
	Various types of characters in port descriptions
	Configuring Guest VLAN for port security
		11-Port Security-Port Binding
	Configuring the aging time for learned secure MAC address entries
	Configuring port-MAC-IP binding
	Configuring PIM prune delay (available only on the S3600-EI series)
	Configuring the source address to be carried in IGMP group-specific queries	17-Multicast Protocol
	Disabling a port from becoming a router port
	CPU protection	18-802.1X and
		System-Guard
	Ignoring assigned RADIUS authorization attributes	19-AAA
	Auto VLAN
	Setting the maximum online time for Web authentication users
		20-Web Authentication
	Configuring HTTPS access for Web authentication
	Customizing Web authentication pages
	VRRP (available only on the S3600-SI series Ethernet switches)	22-VRRP
	ARP attack defense
		23-ARP
	Local proxy ARP
	MFF
	The qos-profile keyword, and IP filtering based on authenticated 802.1X
	clients
		24-DHCP
	Removing DHCP snooping entries
	Configuring the DHCP relay agent to process DHCP-INFORM messages in an
	IRF system
	IPv6 ACLs	25-ACL
	Port mirroring–STP collaboration	28-Mirroring
	Cluster synchronization	30-Cluster
	Enabling auto power down on an electrical Ethernet port	39-System Maintenance and
		Debugging
	Scheduled task configuration
	Enabling transparent IGMP message transmission on a VLAN-VPN port	40-VLAN-VPN
	New HWPing commands, including: adv-factor, datafill, description, display	41-HWping
	hwping statistics, filesize, history keep-time, history-record enable,
	hwping-agent clear, hwping-agent max-requests, sendpacket passroute,
1-5

statistics, statistics keep-time, test-time begin, and ttl.
LLDP	46-LLDP
PKI	47-PKI
SSL	48-SSL
HTTPS	49-HTTPS

Conventions

Command conventions

		Convention		Description
		Boldface		The keywords of a command line are in Boldface.
		italic	Command arguments are in italic.
	[ ]		Items (keywords or arguments) in square brackets [ ] are optional.
		{ x | y | ... }		Alternative items are grouped in braces and separated by vertical bars. One is
				selected.
		[ x | y | ... ]		Optional alternative items are grouped in square brackets and separated by
				vertical bars. One or none is selected.
		{ x | y | ... } *		Alternative items are grouped in braces and separated by vertical bars. A
				minimum of one or a maximum of all can be selected.
		[ x | y | ... ] *		Optional alternative items are grouped in square brackets and separated by
				vertical bars. Many or none can be selected.
		&<1-n>		The argument(s) before the ampersand (&) sign can be entered 1 to n times.
	#			A line starting with the # sign contains comments.

Command line interface (CLI) commands of H3C products are case insensitive.

GUI conventions

	Convention	Description
	Boldface	Window names, button names, field names, and menu items are in Boldface.
		For example, the New User window appears; click OK.
	>	Multi-level menus are separated by angle brackets. For example, File > Create
		> Folder.

Symbols

Convention	Description

Means reader be extremely careful. Improper operation may cause bodily injury.

1-6

Convention	Description

Means reader be careful. Improper operation may cause data loss or damage to equipment.

Means a complementary description.

Means techniques helpful for you to make configuration with ease.

1-7

2 H3C S3600 Series Documentation Guide

Obtaining the Documentation

You can obtain the H3C S3600 series documentation in these ways: z CD-ROMs shipped with the devices

z H3C website

z Software release notes

CD-ROM

H3C delivers a CD-ROM together with each device. The CD-ROM contains a complete set of electronic documents of the product, including operation manuals and command manuals. After installing the reader program provided by the CD-ROM, you can search for the desired contents in a convenient way through the reader interface.

The contents in the manual are subject to update on an irregular basis due to product version upgrade or some other reasons. Therefore, the contents in the CD-ROM may not be the latest version. This manual serves the purpose of user guide only. Unless otherwise noted, all the information in the document set does not claim or imply any warranty. For the latest software documentation, go to the H3C website.

H3C Website

To obtain up-to-date documentation and technical support, go to http://www.h3c.com. Go to the following columns for different categories of product documentation:

[Products & Solutions]: Provides information about products and technologies, as well as solutions. [Technical Support & Document > Technical Documents]: Provides several categories of product documentation, such as installation, configuration, and maintenance.

[Technical Support & Document > Software Download]: Provides the documentation released with the software version.

Software Release Notes

With software upgrade, new software features may be added. You can acquire the information about the newly added software features through software release notes.

Related Documentation

Use the documents listed in Table 2-1 together with H3C S3600 Series Ethernet Switches Operation Manual to make full use of the benefits delivered by the S3600 series.

Table 2-1 Related documentation

Document title		Description
		Describes the commands for the S3600 Series
H3C S3600 Series Ethernet Switches Command		Ethernet Switches. A master index of all commands
Manual-Release 1702		covered by the whole manual is provided for the ease
		of retrieval.
	2-1

Document title	Description
	Describes the physical views and hardware
H3C S3600 Series Ethernet Switches Installation	specifications of the H3C S3600 series switches, and
Manual	guides you through the installation, power-on and
	startup, troubleshooting and maintenance procedures.
	Provides the safety and regulatory compliance
H3C S3600 Series Ethernet Switches Compliance	statements, and describes the protection actions that
and Safety Manual	you must take when installing and maintaining the
	H3C S3600 series switches.
	Describes the typical application scenarios, and
H3C Low-End Ethernet Switches Configuration Guide	provides configuration examples and configuration
	guidelines.

Finding Documents at the H3C Website

All these documents are available at the H3C website:

zFor software feature descriptions and configuration procedures, see H3C S3600 Series Ethernet Switches Operation Manual.

zFor command reference, see H3C S3600 Series Ethernet Switches Command Manual.

zFor hardware specifications, installation, and troubleshooting, see H3C S3600 Series Ethernet Switches Installation Manual.

zFor typical application scenarios, configuration examples, and configuration guidelines, see H3C Low-End Ethernet Switches Configuration Guides.

Documentation Feedback

You can e-mail your comments about product documentation to info@h3c.com.

We appreciate your comments.

2-2

3 Product Overview

Product Overview

The H3C S3600 Series Ethernet Switches are multilayer switching products. They support abundant Layer 3 features and enhanced extended functions, in addition to Layer 2 features. The switches come in two series:

zThe S3600-SI series supports basic routing functions, DHCP, basic IRF functions, and IGMP-Snooping.

zThe S3600-EI series supports advanced routing functions, DHCP, enhanced IRF functions, and enhanced multicast functions (including PIM-DM and PIM-SM).

See Table 3-1 for all S3600 switch models and their basic hardware specifications.

Table 3-1 S3600 switch hardware summary

Model

Power supply

Number of

Number of

service

100 Mbps

unit (PSU)

ports

ports

H3C

AC-input

28

24

10/100

Mbps ports

S3600-28P-SI

(electrical)

H3C

AC-/DC-input

28

24

10/100

S3600-28P-PW

Mbps ports

R-SI

(electrical)

H3C

24

10/100

AC-input

28

Mbps

S3600-28TP-SI

(electrical)

H3C

AC-input

52

48

10/100

Mbps

S3600-52P-SI

(electrical)

H3C

AC-/DC-input

28

24

10/100

Mbps ports

S3600-28P-EI

(electrical)

H3C

AC-/DC-input

28

24

100 Mbps

S3600-28F-EI

(SFP) ports

H3C

AC-/DC-input

28

24

10/100

S3600-28P-PW

Mbps ports

R-EI

(electrical)

H3C

AC-/DC-input

52

48

10/100

Mbps ports

S3600-52P-EI

(electrical)

H3C

AC-/DC-input

52

48

10/100

S3600-52P-PW

Mbps ports

R-EI

(electrical)

H3C

AC-/DC-input

52

48

10/100

S3600-52P-PW

Mbps ports

R-SI

(electrical)

Number of 1,000		Console
Mbps uplink ports		port
4 Gigabit (SFP) ports		1
4 Gigabit (SFP) ports		1
2 Gigabit (SFP) ports
2 x 10/100/1,000 Mbps		1
ports (electrical)
4 Gigabit (SFP) ports		1
4 Gigabit (SFP) ports		1
2 Gigabit (SFP) ports
2 10/100/1,000 Mbps		1
ports (electrical)
4 Gigabit (SFP) ports		1
4 Gigabit ports (SFP)		1
4 Gigabit (SFP) ports		1
4 Gigabit (SFP) ports		1

3-1

Network Scenarios

You can deploy the S3600 series on many types of networks, such as enterprise and broadband access networks. This section describes several typical application scenarios for the S3600 series.

Broadband Ethernet Access for Residential Communities

Deploy an S3600 series switch at the center of the broadband access network for a residential community. Connect the switch to the access S3100 series switches to reach end users, and to an upstream core Layer 3 switch through a GE port to access the MAN backbone.

Figure 3-1 Community access network

ICP			Data
MAN	ICP		center
			Core layer
backbone		GSR	devices

L3	Distribution
	layer devices

Local service center

S3600 series	Community/building
	access devices

	S3100 series	S 3100 series	Corridor access
	S3100 series
			devices

Branch or Smallto Medium-Sized Enterprise Networks

Deploy the S3600 series switches as backbone switches on a branch or small-to medium-sized enterprise network. Connect the switches to the headquarters or other branches through routers. As the business grows, you can cascade the S3600 series to extend the network.

3-2

Figure 3-2 Branch or small-to medium-sized enterprise network

	Server	Internet
	FE (100M)
		GE (1000M)
	Server	S3600 Series
	FE (100M)
		Router
	FE (100M)	FE (100M)
	S3100 series

Host

Host

Host

Host

Host

Large Enterprise and Campus Networks

Deploy the S3600 series switches at the distribution layer of a large enterprise or campus network to implement Gigabit-to-backbone and 100 Mbps-to-desktop together with other H3C switches. Connect the S3600 switches to the access Layer 2 switches (for example, the S3100 series), and to the core Layer 3 switches through GE ports.

Figure 3-3 S3600 series application in a large enterprise or campus network

3-3

Table of Contents

1 CLI Configuration ······································································································································1-1

What Is CLI? ···········································································································································1-1 Entering the CLI ······································································································································1-1 Entering CLI Through the Console Port ··························································································1-2 Entering CLI Through Telnet ···········································································································1-6 H3C Products CLI Descriptions ··············································································································1-8 Command Conventions···················································································································1-8 CLI View Description ·······················································································································1-9

Tips on Using the CLI····························································································································1-14 Using the CLI Online Help·············································································································1-14 Command Line Error Information ··································································································1-15 Typing and Editing Commands ·····································································································1-16 Displaying and Executing History Commands ··············································································1-16 Undo Form of a Command············································································································1-17 Controlling CLI Display··················································································································1-17

CLI Configurations ································································································································1-18 Configuring Command Aliases······································································································1-18 Synchronous Information Output···································································································1-19 Configuring Command Levels ·······································································································1-19 Saving Configurations ···················································································································1-21

1

1 CLI Configuration

This chapter includes these sections:

z

z

z

z

z

What Is CLI? Entering the CLI

H3C Products CLI Descriptions Tips on Using the CLI

CLI Configurations

What Is CLI?

The command line interface (CLI) is an interface where you can interact with your device by typing text commands. At the CLI, you can instruct your device to perform a given task by typing a text command and then pressing Enter to submit it to your device. At the CLI, you can enter commands to configure your switch, and verify the configuration based on the output. Thus, the CLI facilitates your switch configuration and management. The CLI of H3C switches is as shown in Figure 1-1.

Figure 1-1 Schematic diagram for the CLI

Entering the CLI

The H3C S3600 Series Ethernet switches provide multiple methods of entering the CLI, as follows:

zThrough the console port. For more information, see Entering CLI Through the Console Port.

zThrough Telnet. For more information, see Entering CLI Through Telnet.

zThrough SSH with encryption. For more information, see SSH Configuration.

1-1

Entering CLI Through the Console Port

When you use the CLI of an H3C switch for the first time, you can log in to the switch and enter the CLI through the console port only. Follow these steps to log in to your H3C switch and enter the CLI through the console port:

1)Use the console cable shipped with your switch to connect your PC to your switch. Plug the DB-9 (female) connector of the console cable into the 9-pin serial port of your PC. Then plug the RJ-45 connector of the console cable into the console port of your switch.

Figure 1-2 Use the console cable to connect your PC to your switch

Identify the interface to avoid connection errors.

Because the serial port of a PC is not hot swappable, do not plug or unplug the console cable when your switch is powered on. When connecting the PC to your switch, first plug the DB-9 connector of the console cable into the PC, and then plug the RJ-45 connector of the console cable into your switch. When disconnecting the PC from your switch, first unplug the RJ-45 connector and then the DB-9 connector.

2)Launch a terminal emulation utility on your PC. In this chapter, the HyperTerminal in Windows XP is used as an example. Click Start > All Programs > Accessories > Communications > HyperTerminal to enter the HyperTerminal window. The Connection Description window as shown in Figure 1-3 appears. Type a connection name (Switch, for example) in the Name input box, and click OK.

1-2

Figure 1-3 Connection description

3)Then, the Connect To window as shown in Figure 1-4 appears. Select the serial port you want to use from the Connect using drop-down list, and then click OK.

Figure 1-4 Specify the serial port used to establish the connection

4)The COM1 Properties window as shown in Figure 1-5 appears. On the window, set Bits per second to 9600, Data bits to 8, Parity to None, Stop bits to 1, and Flow control to None. Click OK.

1-3

Figure 1-5 Set the properties of the serial port

5)The HyperTerminal window as shown in Figure 1-6 appears.

Figure 1-6 The HyperTerminal window

1-4

Select File > Properties on the HyperTerminal window, and the Switch Properties window appears. Select the Settings tab as shown in Figure 1-7, select VT100 from the Emulation drop-down list, and then click OK.

Figure 1-7 Select the emulation terminal on the Switch Properties window

6)Press Enter on the HyperTerminal window. Then the CLI of your switch appears on the window, as shown in Figure 1-8, indicating that you have logged in to your switch successfully.

1-5

Figure 1-8 Schematic diagram for successful login through the console port

Entering CLI Through Telnet

After you log in to your switch through the console port for the first time, it is recommended that you configure Telnet login as soon as possible, so that you can use a remote terminal to configure and manage your switch.

Telnet login authentication methods

In order to restrict the login to your switch, H3C provides three Telnet login authentication methods. Select a proper method according to your network conditions.

Table 1-1 Telnet login authentication methods

	Authentication			Description		Application		Configuration
	method					scenarios
			z	Easy to configure		Lab environments		For more
	None		z	Allows any user to telnet to your		and extremely secure		information,
				switch		network		see Login
			z	Least secure		environments		Configuration.
			z	Easy to configure
			z Allows any user knowing the			Environments that do
	Password			password to telnet to your switch		not need granular
			z	Secure, but incapable of assigning		privilege
				different privilege levels to different		management
				users

1-6

Authentication

Description

Application

Configuration

method

scenarios

z

Complex to configure

z

Allows users inputting

the correct

Environments where

Username and

username and password to telnet

multiple operators

to your switch

password

cooperate to manage

Most secure, and

capable

of

z

the device

assigning different privilege levels

to different users

An H3C switch provides multiple VTY user interfaces. At one time, only one user can telnet to a VTY user interface. Because a remote terminal cannot select the VTY user interface through which it logs in to the switch, it is recommended that you configure all VTY user interfaces with the same authentication method. The following example is configured in this way.

The number of VTY user interfaces provided by a H3C device varies by switch model. In this document, a switch providing five VTY user interfaces is used as an example, which means that the VTY user interface number ranges from 0 to 4. If your switch provides a different number of VTY user interfaces, make sure that the VTY interface number you configure is within the actual range.

Telnet login configuration example

# Enter system view.

<Sysname> system-view

# Enable the telnet service.

[Sysname] telnet server enable

# Create VLAN-interface 1.

[Sysname] interface vlan-interface 1

# Assign an IP address to VLAN-interface 1 according to the IP network segment distribution and usage in the current network. 192.168.0.72 is used as an example.

[Sysname-Vlan-interface1] ip address 192.168.0.72 24

[Sysname-Vlan-interface1] quit

# Enter the view of VTY user interfaces 0 through 4.

[Sysname] user-interface vty 0 4

[Sysname-ui-vty0-4]

# Configure the authentication method for the VTY user interfaces as needed.

Omitted. For more information, see Login Configuration.

# Configure the command level available to the users that log in through VTY user interfaces 0 through 4. Command level 3 is used as an example, which means that the users can use all commands.

1-7

[Sysname-ui-vty0-4]user privilege level 3

H3C Products CLI Descriptions

Command Conventions

Before using commands provided in H3C product manuals, learn the command conventions to understand the command meanings.

Commands in H3C product manuals comply with the following conventions, as described in Table 1-2.

Table 1-2 Command conventions

		Convention		Description
		Boldface		The keywords of a command line are in Boldface. Keep keywords
				unchanged when typing them in the CLI.
		Italic		Command arguments are in italic. Replace arguments with actual
				values in the CLI.
	[ ]			Items (keywords or arguments) in square brackets [ ] are optional.
		{ x | y | ... }		Alternative items are grouped in braces and separated by vertical bars.
				One is selected.
		[ x | y | ... ]		Optional alternative items are grouped in square brackets	and
				separated by vertical bars. One or none is selected.
		{ x | y | ... } *		Alternative items are grouped in braces and separated by vertical bars.
				A minimum of one or a maximum of all can be selected.
		[ x | y | ... ] *		Optional alternative items are grouped in square brackets	and
				separated by vertical bars. Many or none can be selected.
		&<1-n>		The argument(s) before the ampersand (&) sign can be entered 1 to n
				times.
	#			A line starting with the # sign is comments.

H3C command lines are case insensitive.

Take the clock datetime time date command as an example to understand the command meaning according to Table 1-2.

1-8

Figure 1-9 Read command line parameters

Type the following command line in the CLI of a device and press Enter. You set the device system time to 10 o’clock 30 minutes 20 seconds, February 23, 2010.

<Sysname> clock datetime 10:30:20 2/23/2010

You can read any commands more complicated according to Table 1-2.

CLI View Description

CLI views are designed for different configuration tasks. These are how commands are organized, with groupings of tasks for related operations. For example, once a user logs into a switch successfully, the user enters user view, where the user can perform some simple operations such as checking the operation status and statistics information of the switch. After executing the system-view command, the user enters system view, and there are other views below this accessible by entering corresponding commands.

Table 1-3 lists the CLI views provided by S3600 Series Ethernet switches, operations that can be performed in different CLI views and the commands used to enter specific CLI views.

Table 1-3 CLI views

View

Available

Prompt example

Enter method

Quit method

operation

Display operation

User view

status and

Enter user view

Execute the quit

statistical

<Sysname>

once logging into

command to log

information of the

the switch.

out of the switch.

switch

Execute the

Execute the quit

Configure system

or return

System view

[Sysname]

system-view

command to

parameters

command in user

return to user

view.

view.

1-9

View

Available

Prompt example

Enter method

Quit method

operation

100 Mbps

Execute the

Execute the quit

Ethernet port

interface

command to

view:

ethernet

return to system

[Sysname-Ethern

command in

view.

Ethernet port

Configure

et1/0/1]

system view.

Execute the

Ethernet port

return command

view

1000 Mbps

parameters

Execute the

to return to user

Ethernet port

interface

view.

view:

gigabitethernet

[Sysname-Gigabi

command in

tEthernet1/1/1]

system view.

Aux1/0/0 port (the

The S3600 series

Execute the

do not support

[Sysname-Aux1/

interface aux

console port)

configuration on

0/0]

1/0/0 command in

view

port Aux1/0/0

system view

Configure VLAN

Execute the vlan

VLAN view

[Sysname-vlan1]

command in

parameters

system view.

Configure VLAN

Execute the

interface

VLAN interface

interface

parameters,

[Sysname-Vlan-i

Vlan-interface

view

including the

nterface1]

command in

management

system view.

VLAN parameters

Configure

Execute the

Loopback

[Sysname-LoopB

interface

loopback

loopback

interface view

interface

ack0]

command in

parameters

system view.

NULL interface

Configure NULL

[Sysname-NULL

Execute the

interface null

interface

view

0]

command in

parameters

system view.

Configure local

[Sysname-luser-u

Execute the

Local user view

local-user

user parameters

ser1]

command in

system view.

User interface

Configure user

[Sysname-ui-aux

Execute the

user-interface

interface

view

0]

command in

parameters

system view.

Configure FTP

Execute the ftp

FTP client view

[ftp]

command in user

client parameters

view.

Configure SFTP

Execute the sftp

SFTP client view

sftp-client>

command in

client parameters

system view.

Configure MST

[Sysname-mst-re

Execute the stp

region-configur

MST region view

region

gion]

ation command

parameters

in system view.

1-10

View

Available

Prompt example

Enter method

Quit method

operation

Cluster view

Configure cluster

[Sysname-cluster

Execute the

cluster command

parameters

]

in system view.

Scheduled task

Configure

Execute the job

scheduled task

[Sysname-job-pc1]

command in

view

parameters

system view.

Configure the

[Sysname-rsa-pu

Execute the rsa

peer-public-key

RSA public key

Execute the

blic-key]

command in

for SSH users

system view.

peer-public-key

Public key view

end command to

Configure the

Execute the

return to system

RSA or DSA

[Sysname-peer-p

public-key peer

view.

public key for

ublic-key]

command in

SSH users

system view.

Edit the RSA

[Sysname-rsa-ke

Execute the

public key for

Execute the

y-code]

Public key editing

SSH users

public-key-code

public-key-code

end command to

view

Edit the RSA or

begin command

[Sysname-peer-k

return to public

in public key view.

DSA public key

key view.

ey-code]

for SSH users

Configure DHCP

Execute the quit

command to

address pool

Execute the dhcp

return to system

DHCP address

parameters

[Sysname-dhcp-p

This configuration

server ip-pool

view.

pool view

ool-a123]

command in

Execute the

is supported by

system view.

return command

only the S3600-EI

to return to user

series.

view.

Execute the pim

command in

Configure PIM

system view.

If multicast

parameters

PIM view

This configuration

[Sysname-pim]

routing is not

enabled, you

is supported by

should first

only the S3600-EI

execute the

series.

multicast

Execute the

routing-enable

return command

command.

to return to user

Configure RIP

Execute the rip

view.

RIP view

protocol

[Sysname-rip]

command in

parameters

system view.

Configure OSPF

protocol

Execute the ospf

OSPF view

parameters

[Sysname-ospf-1]

Supported by

command in

system view.

only S3600-EI

series switches

1-11

View

Available

Prompt example

Enter method

Quit method

operation

Execute the quit

Configure OSPF

command to

return to OSPF

area parameters

Execute the area

OSPF area view

[Sysname-ospf-1

view.

Supported by

command in

-area-0.0.0.1]

Execute the

only S3600-EI

OSPF view.

return command

series switches

to return to user

view.

Routing policy

Configure routing

[Sysname-route-

Execute the

Execute the quit

route-policy

command to

view

policy

policy]

command in

return to system

system view.

view.

Execute the

Define rules for a

Execute the acl

[Sysname-acl-

return command

Basic ACL view

basic ACL (with

number

to return to user

ID ranging from

basic-2000]

command in

view.

2000 to 2999)

system view.

Define rules for

Execute the acl

Advanced ACL

an advanced ACL

[Sysname-acl-ad

number

(with ID ranging

view

v-3000]

command in

from 3000 to

system view.

3999)

Define rules for

Execute the acl

an layer 2 ACL

[Sysname-acl-eth

Layer 2 ACL view

number

(with ID ranging

ernetframe-4000]

command in

from 4000 to

system view.

4999)

Define rules for a

Execute the acl

User-defined

user-defined ACL

[Sysname-acl-us

number

(with ID ranging

ACL view

er-5000]

command in

from 5000 to

system view.

5999)

Define rules for a

Execute the acl

IPv6 ACL view

IPv6 ACL (with ID

[Sysname-acl-us

number

ranging from

er-5000]

command in

5000 to 5999)

system view.

Define QoS

[Sysname-qos-pr

Execute the

QoS profile view

qos-profile

profile

ofile-a123]

command in

system view.

RADIUS scheme

Configure

[Sysname-radius-

Execute the

radius scheme

RADIUS scheme

view

1]

command in

parameters

system view.

Configure ISP

[Sysname-isp-aa

Execute the

domain

ISP domain view

domain

a123.net]

command in

parameters

system view.

HWPing test

Configure

[Sysname-hwpin

Execute the

hwping

HWPing test

group view

g-a123-a123]

command in

group parameters

system view.

1-12

View

Available

Prompt example

Enter method

Quit method

operation

Configure

Execute the

HWTACACS

[Sysname-hwtac

hwtacacs

HWTACACS

scheme

view

acs-a123]

parameters

command in

system view.

Configure MSDP

parameters

Execute the

MSDP view

This configuration

[Sysname-msdp]

msdp command

is supported by

in system view.

only the S3600-EI

series.

Configure PoE

[Sysname-poe-pr

Execute the

poe-profile

PoE profile view

profile

ofile-a123]

command in

parameters

system view.

Smart link group

Configure smart

[Sysname-smlk-g

Execute the

smart-link group

link group

view

roup1]

command in

parameters

system view.

Monitor link group

Configure monitor

[Sysname-mtlk-gr

Execute the

monitor-link

link group

view

oup1]

group command

parameters

in system view.

Detected group

Configure

[Sysname-detect-

Execute the

detect-group

detected group

view

group-1]

command in

parameters

system view.

Configure PKI

[Sysname-pki-do

Execute the pki

domain

PKI domain view

domain

main-1]

command in

parameters

system view.

Configure PKI

[Sysname-pki-ent

Execute the pki

PKI entity view

entity command

entity parameters

ity-en]

in system view.

PKI certificate

Configure PKI

[Sysname-cert-at

Execute the pki

certificate

certificate

attribute group

tribute-group-my

attribute-group

attribute group

view

group]

command in

parameters

system view.

PKI certificate

Configure PKI

Execute the pki

certificate

certificate

attribute-based

[Sysname-cert-ac

access control

attribute-based

p-mypolicy]

access-control-

access control

policy command

policy view

policy

in system view.

SSL server policy

Configure SSL

[Sysname-ssl-ser

Execute the ssl

server-policy

server policy

ver-policy-policy1

view

command in

parameters

]

system view.

1-13

View

Available

Prompt example

Enter method

Quit method

operation

SSL client policy

Configure SSL

[Sysname-ssl-clie

Execute the ssl

client-policy

client policy

view

nt-policy-policy1]

command in

parameters

system view.

Execute the

Execute the quit

vlan-vpn vid

command to

command in

return to Ethernet

Ethernet port

Configure QinQ

[Sysname-Ethern

port view.

QinQ view

view.

parameters

et1/0/1-vid-20]

Execute the

The vlan-vpn

return command

enable command

should be first

to return to user

view.

executed.

The shortcut key <Ctrl+Z> is equivalent to the return command.

Tips on Using the CLI

Using the CLI Online Help

In the CLI, you can type a question mark (?) to obtain detailed online help. See the following examples.

Type ? in any view to display all commands available in this view and brief descriptions about these commands.

<Sysname> ?

User view commands:

boot	Set boot option
cd	Change current directory
clock	Specify the system clock
cluster	Run cluster command
copy	Copy from one file to another
debugging	Enable system debugging functions
delete	Delete a file
dir	List files on a file system
display	Display current system information

......omitted......

Type part of a command and a ? separated by a space.

If ? is at the position of a keyword, the CLI displays all possible keywords with a brief description about each of these keywords.

<Sysname> terminal ?

1-14