H3C S3100-52P Ethernet Switch Operatioin Manual-Release 1702-6W100

HomeSupportResource CenterSwitchesH3C S3100 Switch SeriesH3C S3100 Switch SeriesTechnical DocumentsConfigureConfiguration GuidesH3C S3100-52P Ethernet Switch Operatioin Manual-Release 1702-6W100


To read the whole book, click the link on the right side to download the whole book; to read the individual chapters, click the links on the left.


1  About This Guide

The H3C S3100-52P Ethernet Switch Operation Manual, Release 1702 describes the software features available in the software release 1702 for the S3100-52P switch, and guides you to configure these features.


This guide is for administrators managing the S3100-52P switch, hereafter referred to as the switch.

Part Organization

Table 1-1 presents the part organization of this guide:

Table 1-1 Part organization




l      Introduction of CLI

l      CLI Configurations

2 Login

l      Logging In Through the Console Port

l      Logging In Through Telnet

l      Logging In Using a Modem

l      Logging into a switch through Web or NMS

l      Configuring Source IP Address for Telnet Service

l      Controlling user login using ACL

l      Switching User Level

3 Configuration File Management

l      Saving the Current Configuration

l      Erasing the Startup Configuration File

l      Specifying a Configuration File for Next Startup


l      VLAN Overview

l      VLAN Configuration

5 IP Address and Performance

l      Configuring an IP address for a switch

l      Configuring the TCP attributes for a switch

l      Enabling/disabling the switch to send ICMP error messages

l      Canceling the System-Defined ACLs for ICMP Attack Guard

6 Voice VLAN

l      Voice VLAN Overview

l      Voice VLAN Configuration


l      Introduction to GVRP

l      GVRP Configuration

8 Port Basic Configuration

l      Configuring port auto-negotiation rate

l      Configuring flow control on a port

l      Duplicating the configuration of a port to other ports

l      Enabling loopback test

l      Enabling giant-frame statistics function

l      Limiting traffic on a port

l      Setting broadcast storm suppression globally

l      Loopback detection supported

l      Cable test

9 Link Aggregation

l      Configuring manual aggregation group

l      Configuring static LACP aggregation group

l      Configuring dynamic LACP aggregation group

10 Port Isolation

l      Configuring port isolation group

11 Port Security-Port Binding

l      Setting the Maximum Number of Secure MAC Addresses Allowed on a Port

l      Setting the Port Security Mode

l      Configuring Port Security Features

l      Configuring Guest VLAN for a Port in macAddressOrUserLoginSecure mode

l      Ignoring the Authorization Information from the RADIUS Server

l      Configuring Secure MAC Addresses

l      Configuring MAC address-to-IP address-to-port binding


Device link detection protocol (DLDP)

13 MAC Address Table Management

l      Introduction of MAC Address Table Management

l      Configuring a MAC Address Entry

l      Setting the MAC Address Aging Timer

l      Setting the Maximum Number of MAC Addresses a Port Can Learn

l      Enabling Destination MAC Address Triggered Update

l      Assigning MAC Addresses for Ethernet Ports


l      STP/RSTP/MSTP overview and basic configuration

l      Guard functions: BPDU guard, root guard, loop guard, TC-BPDU attack guard, and BPDU drop

l      Digest snooping

l      Rapid transition


l      MSTP maintenance configuration

l      Trap messages conforming to 802.1d standard

15 Static Route.

Configuring Static route

16 Multicast

l      Multicast overview

l      Configuring the common multicast  functions

l      Configuring IGMP Snooping

17 802.1x and System Guard

l      802.1X Authentication

l      Guest VLAN

l      Quick deployment of EAD

l      Huawei Authentication Bypass Protocol (HABP)

l      System Guard

18 AAA

l      Authentication, Authorization, and Accounting (AAA)

l      Remote Authentication Dial-In User Service (RADIUS)

l      Huawei Terminal Access Controller Access Control System (HWTACACS)

l      Endpoint Admission Defense (EAD)

19 Web Authentication

l      Web Authentication

l      HTTPS Access for Web Authentication

l      Customizing Web Authentication Pages

20 MAC Address Authentication

l      MAC address authentication

l      Enhanced MAC address authentication

21 ARP

l      Configuring ARP

l      Configuring Gratuitous ARP

l      ARP attack detection


l      DHCP Snooping

l      DHCP packet rate limitation

l      DHCP client/BOOTP client

23 ACL

l      Basic ACLs

l      Advanced ACLs

l      Layer 2 ACLs

l      User-defined ACLs

l      IPv6 ACLs

l      Applying ACLs on ports

l      Applying ACLs to VLANs

24 QoS-QoS Profile

l      Quality of Service (QoS)

l      QoS profile

25 Mirroring

l      Traffic mirroring

l      Local port mirroring

l      Remote port mirroring

26 Stack-Cluster

l      Stack

l      Huawei Group Management Protocol (HGMP) v2

l      Neighbor Discovery Protocol (NDP)

l      Neighbor Topology Discovery Protocol (NTDP)

l      Enhanced Cluster Features

l      Cluster Synchronization Functions


l      Simple network management protocol (SNMP) v1, v2, v3

l      Support of Trap parameters configuration

l      Remote monitoring (RMON)

28 NTP

l      Introduction to NTP

l      Configuring NTP Implementation Modes

l      Configuring Access Control Right

l      Configuring NTP Authentication

l      Configuring Optional NTP Parameters

29 SSH

l      SSH Overview

l      Configuring the SSH Server

l      Configuring the SSH Client

30 File System Management

l      File System Configuration

l      File Attribute Configuration


l      FTP and SFTP Configuration

l      TFTP Configuration

32 Information Center

l      Information Center Overview

l      Information Center Configuration

33 System Maintenance and Debugging

l      Boot ROM and Host Software Loading

l      Basic System Configuration and Debugging

l      Network Connectivity Test

l      Device Management

l      Scheduled Task Configuration


l      VLAN VPN (QinQ)

l      Enabling Transparent IGMP Message Transmission on a VLAN-VPN Port

l      Configuring TPID Value

l      Configuring VLAN VPN Interior-layer Priority Replication

l      Selective QinQ

l      BPDU Tunnel

35 HWPing

l      Operating as a HWPing server/HWPing client

l      Nine test types, including ICMP test, DHCP test, FTP test, HTTP test, DNS test, SNMP test, jitter test, TCP test, and UDP test

36 IPv6 Management

l      IPv6 management

l      IPv6 static route

l      IPv6 DNS

l      IPv6 Application Configuration

37 DNS

IPv4 Domain Name System (DNS)

38 Smart Link-Monitor Link

l      Smart Link

l      Monitor Link


l      Basic LLDP (Link Layer Discovery Protocol) configuration

l      CDP Compatibility

l      LLDP Trapping

40 PKI

l      Certificate Request in Auto Mode or in Manual Mode

l      PKI Certificate Verification, Retrieving and Deleting

l      Access Control Policy

41 SSL

l      Configuring an SSL Server Policy

l      Configuring an SSL Client Policy


l      HTTPS Service

l      HTTPS Service with an SSL Server Policy

l      HTTPS Service with a Certificate Attribute Access Control Policy      

l      HTTPS Service with an ACL


Correspondence Between Documentation and Software

H3C S3100-52P Ethernet Switch Operation Manual-Release 1702 and H3C S3100-52P Ethernet Switch Command Manual-Release 1702 are for the software version of Release1702 of the S3100-52P.

Compared with Release 1602, many new features are added in Release 1702. For details, refer to Table 1-2.

Table 1-2 Added features in Release 1702

Added feature in Release 1702


Command alias configuration


Canceling the System-Defined ACLs for ICMP Attack Guard

05-IP Address and Performance

Configuring QoS priority settings for voice traffic on an interface

06-Voice VLAN

Configuring flow control on Ethernet ports

08-Port Basic Configuration

Configuring loopback port auto-shutdown and loopback detection on Ethernet ports in bulk

Support of the kbps keyword in storm suppression thresholds

Support of various types of characters in port descriptions

Configuring Guest VLAN for port security

11-Port Security-Port Binding

Configuring the aging time for learned secure MAC address entries

Configuring port-MAC-IP binding

Configuring the source address to be carried in IGMP queries

16-Multicast Protocol

Support of the CPU protection feature

17-802.1x and System-Guard

Support of ignorance of assigned RADIUS authorization attributes


Support of the auto VLAN feature

Support of setting the maximum online time for Web authentication users

19-Web Authentication

Support of configuring HTTPS access for Web authentication

Support of customizing Web authentication pages

ARP attack detection


Support of the qos-profile keyword and IP filtering for 802.1x authentication users are added in the IP filtering feature.


Removing DHCP snooping entries



Port Mirroring – STP Collaboration


Configuration of the Cluster Synchronization Function


Enabling auto power down on an Ethernet electrical port

33-System Maintenance and Debugging

Scheduled task configuration

Enabling Transparent IGMP Message Transmission on a VLAN-VPN Port


New HWPing commands are added including adv-factor, datafill, description, display hwping statistics, filesize, history keep-time, history-record enable, hwping-agent clear, hwping-agent max-requests, sendpacket passroute, statistics, statistics keep-time, test-time begin and ttl.












Command conventions




The keywords of a command line are in Boldface.


Command arguments are in italic.

[ ]

Items (keywords or arguments) in square brackets [ ] are optional.

{ x | y | ... }

Alternative items are grouped in braces and separated by vertical bars. One is selected.

[ x | y | ... ]

Optional alternative items are grouped in square brackets and separated by vertical bars. One or none is selected.

{ x | y | ... } *

Alternative items are grouped in braces and separated by vertical bars. A minimum of one or a maximum of all can be selected.

[ x | y | ... ] *

Optional alternative items are grouped in square brackets and separated by vertical bars. Many or none can be selected.


The argument(s) before the ampersand (&) sign can be entered 1 to n times.


A line starting with the # sign is comments.


Command line interface (CLI) commands of H3C products are case insensitive.


GUI conventions




Window names, button names, field names, and menu items are in Boldface. For example, the New User window appears; click OK.

Multi-level menus are separated by angle brackets. For example, File > Create > Folder.



Means reader be extremely careful. Improper operation may cause bodily injury.

Means reader be careful. Improper operation may cause data loss or damage to equipment.

Means a complementary description.

Means techniques helpful for you to make configuration with ease.


2  H3C S3100-52P Documentation Guide

Obtaining Documentation and Technical Support

Hangzhou H3C Technologies Co., Ltd. (hereafter referred to as H3C) provides various ways for you to obtain product documents and new feature releases in a convenient and timely manner. The documentations are available with:

l          CD-ROMs shipped with the devices

l          H3C website

l          Software release notes


H3C delivers a CD-ROM together with each device. The CD-ROM contains a complete set of electronic documents of the product, including operation manuals and command manuals. After installing the reader program provided by the CD-ROM, you can search for the desired contents in a convenient way through the reader interface.

The contents in the manual are subject to update on an irregular basis due to product version upgrade or some other reasons. Therefore, the contents in the CD-ROM may not be the latest version. This manual serves the purpose of user guide only. Unless otherwise noted, all the information in the document set does not claim or imply any warranty. For the latest software documentation, go to the H3C website.

H3C Website

To obtain up-to-date documentation and technical support, go to http://www.h3c.com and select your country or region. Depending on your selection, you will be redirected to either of the following websites:

Go to the following columns for different categories of product documentation:

[Products & Solutions]: Provides information about products and technologies, as well as solutions.

[Technical Support & Document > Technical Documents]: Provides several categories of product documentation, such as installation, configuration, and maintenance.

[Technical Support & Document > Software Download]: Provides the documentation released with the software version.

Software Release Notes

With software upgrade, new software features may be added. You can acquire the information about the newly added software features through software release notes.

Related Documentation

H3C S3100-52P Ethernet Switch Command Manual describes the commands for the software features.

Other related documentation and their contents are listed in Table 2-1.

Table 2-1 Related documentation

Document title


H3C S3100-52P Ethernet Switch Command Manual, Release 1702

Describes the commands for the S3100-52P Ethernet Switch. A master index of all commands covered by the whole manual is provided for your convenience.

H3C S3100-52P Ethernet Switch Operation Manual, Release 1702

Introduces the principles and configuration procedures of the software features for the S3100-52P Ethernet Switch.

H3C S3100-52P Ethernet Switch Installation Manual

Introduces the appearance, installation, power-on and startup, troubleshooting and maintenance of the H3C S3100-52P Ethernet switch.

H3C S3100-52P Ethernet Switch Compliance and Safety Manual

Introduces the security-preventive measures that you must comply with when installing and maintaining the H3C S3100-52P Ethernet switch.

H3C Low-End Ethernet Switches Configuration Guide

Introduces the typical application scenarios of the H3C S3100-52P Ethernet switch, and the related configuration procedures and configuration guidelines.


Reading Documents of Interest

l              To get an idea of the basic principles and configuration procedures of supported software features, read H3C S3100-52P Ethernet Switch Operation Manual at the H3C website.

l              To learn about the uses and parameters of commands and the meanings of displayed information, read H3C S3100-52P Ethernet Switch Command Manual at the H3C website.

l              To learn about the hardware characteristics, installation, and troubleshooting of available switch models and pluggable hardware components, read H3C S3100-52P Ethernet Switch Installation Manual at the H3C website.

Documentation Feedback

You can e-mail your comments about product documentation to info@h3c.com.

We appreciate your comments.


3  Product Overview

Product Overview

H3C S3100-52P Ethernet switch is a Layer 2 wire speed Ethernet switch developed by H3C independently. It is the intelligent and manageable switch designed for network environments where high performance, high port density, and ease of installation are required.

Table 3-1 S3100-52P Ethernet switch hardware specifications


Power supply unit (PSU)

Number of service ports

Number of 100 Mbps ports

Number of 1,000 Mbps uplink ports

Console port

H3C S3100-52P



48 10/100 Mbps ports(electrical)

4 Gigabit (SFP) ports



Networking Applications

You can deploy S3100-52P Ethernet switch on many types of networks, such as enterprise networks and broadband access networks. Following are several typical networking applications.

Broadband Ethernet Access for Residential Communities

On the broadband access network of a residential community, an S3100-52P Ethernet switch is located in the center. It is downlinked to S3100 series switches to reach the Ethernet users and uplinked to a core Layer 3 switch through a GE port to connect to the MAN backbone.

Figure 3-1 Connecting community Ethernet to MAN using S3100-52P Ethernet switch


Application for Connecting Branches or Small- to Medium-Sized Enterprises

For small-to medium-sized enterprises or branches of a large enterprise, S3100-52P Ethernet switch can serve as a downstream device connected to the backbone switch, and can be connected to the headquarters or other branches through Layer 3 switches or routers. As the enterprise size increases, the network also can expand by subtending the S3100-52P Ethernet switch.

Figure 3-2 S3100-52P Ethernet switch application in branch network of midsize/large enterprise


Application in Large Enterprise and Campus Networks

In a large enterprise or campus network, the S3100-52P Ethernet switch can operate on the access layer. They are uplinked to layer 3 switches, S3600 Series or S5600 Series for example; and uplinked to a layer 3 switch. These switches together provide a network-wide intranet solution that covers Gigabit-to-backbone and 100 Mbps-to-desktop.

Figure 3-3 S3100-52P Ethernet switch application in large enterprise and campus network