H3C S5600 Series Ethernet Switches System Guard Feature Manual-Release 1510P08(V1.01)

Download

Table of Contents

Chapter 1 System Guard Configuration. 1-1

1.1 System Guard Layer 3 Error Control Overview. 1-1

1.2 Configuring System Guard. 1-1

1.2.1 Enabling Layer 3 Error Control 1-1

1.3 Displaying System Guard. 1-1

Chapter 2 System Guard Configuration Commands. 2-1

2.1 System Guard Configuration Commands. 2-1

2.1.1 display system-guard l3err state. 2-1

2.1.2 system-guard l3err enable. 2-1

 


Chapter 1  System Guard Configuration

1.1  System Guard Layer 3 Error Control Overview

The Layer 3 error control feature determines how the switch disposes of Layer packets which the switch considers to be error packets:

With the Layer 3 error control feature disabled, the switch delivers all Layer 3 packets which the switch considers to be error packets (including IP packets with the options field) to the CPU for further processing;

With the Layer 3 error control feature enabled, the switch directly discards all Layer 3 packets which the switch considers to be error packets without delivering them to the CPU.

1.2  Configuring System Guard

1.2.1  Enabling Layer 3 Error Control

With the following command, you can enable the Layer 3 error control feature.

Table 1-1 Enable Layer 3 error control

Operation

Command

Remarks

Enter system view

system-view

Enable Layer 3 error control

system-guard l3err enable

Required

Enabled by default

 

&  Note:

In normal situations, we recommend that you enable this feature. Because the switch cannot forward error packets and IP packets with the Options field set, delivering all these packets to the CPU will affect the normal work of the CPU.

 

1.3  Displaying System Guard

After the about-mentioned configuration, you can use the display command in any view to view the running conditions of System Guard to verify your System Guard configuration.

Table 1-2 Display System Guard

Operation

Command

Remarks

View the status of Layer 3 error control

display system-guard l3err state

The display command can be executed in any view

 


Chapter 2  System Guard Configuration Commands

2.1  System Guard Configuration Commands

2.1.1  display system-guard l3err state

Syntax

display system-guard l3err state

View

Any view

Parameter

None

Description

Use the display system-guard l3err state command to view the status of Layer 3 error control.

Example

# View the status of Layer 3 error control.

<H3C> display system-guard l3err state

System-guard l3err status:  enabled  

2.1.2  system-guard l3err enable

Syntax

system-guard l3err enable

undo system-guard l3err enable

View

System view

Parameter

None

Description

Use the system-guard l3err enable command to enable Layer 3 error control.

Use the undo system-guard l3err enable command to disable Layer 3 error control.

By default, this feature is enabled.

The Layer 3 error control feature determines how the switch disposes of Layer packets which the switch considers to be error packets:

With the Layer 3 error control feature disabled, the switch delivers all Layer 3 packets which the switch considers to be error packets (including IP packets with the options field) to the CPU for further processing;

With the Layer 3 error control feature enabled, the switch directly discards all Layer 3 packets which the switch considers to be error packets without delivering them to the CPU.

 

&  Note:

In normal situations, we recommend that you enable this feature. Because the switch cannot forward error packets and IP packets with the Options field set, delivering all these packets to the CPU will affect the normal work of the CPU.

 

Example

# Enable Layer 3 error control.

<H3C> system-view

System View: return to User View with Ctrl+Z.

[H3C] system-guard l3err enable