H3C S3600 Series Ethernet Switches Operation Manual-Release 1702(V1.01)

HomeSupportResource CenterSwitchesH3C S3600 Switch SeriesH3C S3600 Switch SeriesTechnical DocumentsConfigureConfiguration GuidesH3C S3600 Series Ethernet Switches Operation Manual-Release 1702(V1.01)

About This Document

The H3C S3600 Series Ethernet Switches Operation Manual, Release 1702 describes the software features available in the S3600 series software release 1702, and guides you through the software feature configuration procedures.


This document is for administrators who are configuring and maintaining the S3600 series switches.

Part Organization

Table 1-1 presents the part organization of this document:

Table 1-1 Part organization




l      Introduction to CLI

l      CLI Configuration

2 Login

l      Logging In Through the Console Port

l      Logging In Through Telnet or SSH

l      Logging In Using a Modem

l      Logging In Through Web or NMS

l      Configuring Source IP Address for Telnet Service Packets

l      Controlling Login Users by Using ACL

l      Switching User Level

3 Configuration File Management

l      Introduction to Configuration File

l      Saving the Current Configuration

l      Erasing the Startup Configuration File

l      Specifying a Configuration File for Next Startup


l      Basic VLAN Configuration

l      Configuring Port-Based VLAN

l      Configuring Protocol-Based VLAN

5 IP Address and Performance

l      Configuring an IP address for a Switch

l      Configuring the TCP Attributes for a Switch

l      Enabling Reception of Directed Broadcasts to a Directly Connected Network

l      Disabling the Switch from Sending ICMP Error Messages

l      Canceling the System-Defined ACLs for ICMP Attack Guard

6 Voice VLAN

l      Voice VLAN Overview

l      Voice VLAN Configuration


l      Introduction to GVRP

l      GVRP Configuration

8 Port Basic Configuration

l      Configuring Speed Options for Auto Negotiation on a Port

l      Configuring Flow Control on a Port

l      Duplicating the Configuration of a Port to Other Ports

l      Enabling Loopback Test

l      Enabling Giant-Frame Statistics Function

l      Limiting Traffic on a Port

l      Setting Broadcast Storm Suppression Globally

l      Configuring Loopback Detection on a Port

l      Enabling Cable Test on a Port

9 Link Aggregation

l      Configuring a Manual Aggregation Group

l      Configuring a Static LACP Aggregation Group

l      Configuring a Dynamic LACP Aggregation Group

10 Port Isolation

Configuring Port Isolation Group

11 Port Security-Port Binding

l      Setting the Maximum Number of Secure MAC Addresses Allowed on a Port

l      Setting the Port Security Mode

l      Configuring Port Security Features

l      Configuring Guest VLAN for a Port in macAddressOrUserLoginSecure mode

l      Ignoring the Authorization Information from the RADIUS Server

l      Configuring Secure MAC Addresses

l      Configuring MAC-IP-Port Binding


Device link detection protocol (DLDP)

13 MAC Address Table Management

l      Introduction to MAC Address Table

l      Configuring a MAC Address Entry

l      Setting the MAC Address Aging Timer

l      Setting the Maximum Number of MAC Addresses a Port Can Learn

l      Enabling Destination MAC Address Triggered Update

l      Assigning MAC Addresses for Ethernet Ports

14 Auto Detect

l      Auto Detect Basic Configuration

l      Auto Detect Implementation in Static Routing

l      Auto Detect Implementation in VRRP

l      Auto Detect Implementation in VLAN Interface Backup


l      STP/RSTP/MSTP Overview and Basic Configuration

l      Performing mCheck Operation

l      Guard Functions: BPDU Guard, Root Guard, Loop Guard, TC-BPDU Attack Guard, and BPDU Drop

l      Digest Snooping

l      Rapid Transition

l      VLAN-VPN Tunnel

l      MSTP Maintenance Configuration

l      Sending Trap Messages Conforming to 802.1d Standard

16 Routing Protocols.

l      Static Route

l      Routing Information Protocol (RIP) v1/v2

l      Open Shortest Path First (OSPF) (available only on the S3600-EI series)

l      Routing Policy

l      Route Capacity Limiting (available only on the S3600-EI series)

17 Multicast

l      Multicast Overview

l      Configuring the Common Multicast Functions

l      Internet Group Management Protocol (IGMP) (available only on the S3600-EI series)

l      Protocol Independent Multicast (PIM) (available only on the S3600-EI series)

l      Multicast Source Discovery Protocol (MSDP) (available only on the S3600-EI series)

l      Internet Group Management Protocol Snooping (IGMP Snooping)

18 802.1X and System Guard

l      802.1X Authentication

l      Guest VLAN

l      Quick EAD Deployment

l      Huawei Authentication Bypass Protocol (HABP)

l      System Guard

19 AAA

l      Authentication, Authorization, and Accounting (AAA)

l      Remote Authentication Dial-In User Service (RADIUS)

l      Huawei Terminal Access Controller Access Control System (HWTACACS)

l      Endpoint Admission Defense (EAD)

20 Web Authentication

l      Web Authentication Configuration

l      Configuring HTTPS Access for Web Authentication

l      Customizing Web Authentication Pages

21 MAC Address Authentication

l      Basic MAC Address Authentication

l      Enhanced MAC Address Authentication


l      Virtual Router Redundancy Protocol (VRRP) Basic Configuration

l      VRRP Tracking

23 ARP

l      ARP

l      Gratuitous ARP

l      ARP Attack Detection

l      Proxy ARP

l      Resilient ARP

l      MFF


l      DHCP Server (available only on the S3600-EI series)

l      DHCP Relay Agent

l      DHCP Snooping

l      DHCP Packet Rate Limit

l      DHCP/BOOTP Client

25 ACL

l      Basic ACLs

l      Advanced ACLs

l      Layer 2 ACLs

l      User-Defined ACLs

l      IPv6 ACLs (available only on the S3600-SI series)

l      Applying ACLs to Ports

l      Applying ACLs to VLANs

26 QoS-QoS Profile

l      Quality of Service (QoS)

l      QoS Profile

27-Web Cache Redirection

Web Cache Redirection (available only on the S3600-EI series)

28 Mirroring

l      Traffic Mirroring

l      Local Port Mirroring

l      Remote Port Mirroring (available only on the S3600-EI series)

29-IRF Fabric

l      IRF Fabric

l      Specifying the Fabric Port of a Switch

l      IRF Fabric Detection

l      IRF Automatic Fabric

30 Cluster

l      Huawei Group Management Protocol (HGMP) v2

l      Neighbor Discovery Protocol (NDP)

l      Neighbor Topology Discovery Protocol (NTDP)

l      Enhanced Cluster Features

l      Cluster Synchronization Functions

31-PoE-PoE Profile

l      PoE Configuration

l      PoE Profile Configuration

32-UDP Helper

l      Introduction to UDP Helper

l      Configuring UDP Helper


l      Simple Network Management Protocol (SNMP) v1, v2, v3

l      Configuring Trap-Related Functions

l      Remote Monitoring (RMON)

34 NTP

l      Introduction to NTP

l      Configuring NTP Implementation Modes

l      Configuring Access Control Right

l      Configuring NTP Authentication

l      Configuring Optional NTP Parameters

35 SSH

l      SSH Overview

l      Configuring the SSH Server

l      Configuring the SSH Client

36 File System Management

l      File System Configuration

l      File Attribute Configuration


l      FTP and SFTP Configuration

l      TFTP Configuration

38 Information Center

l      Information Center Overview

l      Information Center Configuration

39 System Maintenance and Debugging

l      Boot ROM and Host Software Loading

l      Basic System Configuration and Debugging

l      Network Connectivity Test

l      Device Management

l      Scheduled Task Configuration


l      VLAN VPN (QinQ)

l      Enabling Transparent IGMP Message Transmission on a VLAN-VPN Port

l      Configuring the Inner-to-Outer Tag Priority Replication

l      Configuring TPID Value

l      Selective QinQ

l      BPDU Tunnel

41 HWPing

l      HWPing Server/HWPing Client Configuration

l      Nine test types, including ICMP test, DHCP test, FTP test, HTTP test, DNS test, SNMP test, jitter test, TCP test, and UDP test

42 IPv6 Management

l      IPv6 Management

l      Static IPv6 Route

l      IPv6 DNS

l      IPv6 Application Configuration

43 DNS

IPv4 Domain Name System (DNS)

44 Smart Link-Monitor Link

l      Smart Link

l      Monitor Link

45 Access Management

l      Access Management Overview

l      Configuring Access Management


l      Basic Link Layer Discovery Protocol (LLDP) configuration

l      CDP Compatibility

l      LLDP Trapping

47 PKI

l      Submitting a PKI Certificate Request in Auto Mode or in Manual Mode

l      Verifying, Retrieving, and Deleting a PKI Certificate

l      Configuring an Access Control Policy

48 SSL

l      Configuring an SSL Server Policy

l      Configuring an SSL Client Policy


l      HTTPS Service

l      Associating the HTTPS Service with an SSL Server Policy

l      Associating the HTTPS Service with a Certificate Attribute Access Control Policy

l      Associating the HTTPS Service with an ACL


New Features

H3C S3600 Series Ethernet Switches Operation Manual-Release 1702 and H3C S3600 Series Ethernet Switches Command Manual-Release 1702 are for software release 1702.

See Table 1-2 for new features introduced in release 1702.

Table 1-2 New features in release 1702

New features


Command alias configuration


Canceling the system-defined ACLs for ICMP attack guard

05-IP Address and Performance

Configuring QoS priority settings for voice traffic on an interface

06-Voice VLAN

Configuring flow control on Ethernet ports

08-Port Basic Configuration

Configuring loopback port auto-shutdown and loopback detection on Ethernet ports in bulk

Configuring storm suppression thresholds in kbps

Various types of characters in port descriptions

Configuring Guest VLAN for port security

11-Port Security-Port Binding

Configuring the aging time for learned secure MAC address entries

Configuring port-MAC-IP binding

Configuring PIM prune delay (available only on the S3600-EI series)

17-Multicast Protocol

Configuring the source address to be carried in IGMP group-specific queries

Disabling a port from becoming a router port

CPU protection

18-802.1X and System-Guard

Ignoring assigned RADIUS authorization attributes



Setting the maximum online time for Web authentication users

20-Web Authentication

Configuring HTTPS access for Web authentication

Customizing Web authentication pages

VRRP (available only on the S3600-SI series Ethernet switches)


ARP attack defense


Local proxy ARP


The qos-profile keyword, and IP filtering based on authenticated 802.1X clients


Removing DHCP snooping entries

Configuring the DHCP relay agent to process DHCP-INFORM messages in an IRF system



Port mirroring–STP collaboration


Cluster synchronization


Enabling auto power down on an electrical Ethernet port

39-System Maintenance and Debugging

Scheduled task configuration

Enabling transparent IGMP message transmission on a VLAN-VPN port


New HWPing commands, including: adv-factor, datafill, description, display hwping statistics, filesize, history keep-time, history-record enable, hwping-agent clear, hwping-agent max-requests, sendpacket passroute, statistics, statistics keep-time, test-time begin, and ttl.












Command conventions




The keywords of a command line are in Boldface.


Command arguments are in italic.

[ ]

Items (keywords or arguments) in square brackets [ ] are optional.

{ x | y | ... }

Alternative items are grouped in braces and separated by vertical bars. One is selected.

[ x | y | ... ]

Optional alternative items are grouped in square brackets and separated by vertical bars. One or none is selected.

{ x | y | ... } *

Alternative items are grouped in braces and separated by vertical bars. A minimum of one or a maximum of all can be selected.

[ x | y | ... ] *

Optional alternative items are grouped in square brackets and separated by vertical bars. Many or none can be selected.


The argument(s) before the ampersand (&) sign can be entered 1 to n times.


A line starting with the # sign contains comments.


Command line interface (CLI) commands of H3C products are case insensitive.


GUI conventions




Window names, button names, field names, and menu items are in Boldface. For example, the New User window appears; click OK.

Multi-level menus are separated by angle brackets. For example, File > Create > Folder.





Means reader be extremely careful. Improper operation may cause bodily injury.

Means reader be careful. Improper operation may cause data loss or damage to equipment.

Means a complementary description.

Means techniques helpful for you to make configuration with ease.

H3C S3600 Series Documentation Guide

Obtaining the Documentation

You can obtain the H3C S3600 series documentation in these ways:

l          CD-ROMs shipped with the devices

l          H3C website

l          Software release notes


H3C delivers a CD-ROM together with each device. The CD-ROM contains a complete set of electronic documents of the product, including operation manuals and command manuals. After installing the reader program provided by the CD-ROM, you can search for the desired contents in a convenient way through the reader interface.

The contents in the manual are subject to update on an irregular basis due to product version upgrade or some other reasons. Therefore, the contents in the CD-ROM may not be the latest version. This manual serves the purpose of user guide only. Unless otherwise noted, all the information in the document set does not claim or imply any warranty. For the latest software documentation, go to the H3C website.

H3C Website

To obtain up-to-date documentation and technical support, go to http://www.h3c.com.

Go to the following columns for different categories of product documentation:

[Products & Solutions]: Provides information about products and technologies, as well as solutions.

[Technical Support & Document > Technical Documents]: Provides several categories of product documentation, such as installation, configuration, and maintenance.

[Technical Support & Document > Software Download]: Provides the documentation released with the software version.

Software Release Notes

With software upgrade, new software features may be added. You can acquire the information about the newly added software features through software release notes.

Related Documentation

Use the documents listed in Table 2-1 together with H3C S3600 Series Ethernet Switches Operation Manual to make full use of the benefits delivered by the S3600 series.

Table 2-1 Related documentation

Document title


H3C S3600 Series Ethernet Switches  Command Manual-Release 1702

Describes the commands for the S3600 Series Ethernet Switches. A master index of all commands covered by the whole manual is provided for the ease of retrieval.

H3C S3600 Series Ethernet Switches  Installation Manual

Describes the physical views and hardware specifications of the H3C S3600 series switches, and guides you through the installation, power-on and startup, troubleshooting and maintenance procedures.

H3C S3600 Series Ethernet Switches Compliance and Safety Manual

Provides the safety and regulatory compliance statements, and describes the protection actions that you must take when installing and maintaining the H3C S3600 series switches.

H3C Low-End Ethernet Switches Configuration Guide

Describes the typical application scenarios, and provides configuration examples and configuration guidelines.


Finding Documents at the H3C Website

All these documents are available at the H3C website:

l              For software feature descriptions and configuration procedures, see H3C S3600 Series Ethernet Switches Operation Manual.

l              For command reference, see H3C S3600 Series Ethernet Switches Command Manual.

l              For hardware specifications, installation, and troubleshooting, see H3C S3600 Series Ethernet Switches Installation Manual.

l              For typical application scenarios, configuration examples, and configuration guidelines, see H3C Low-End Ethernet Switches Configuration Guides.

Documentation Feedback

You can e-mail your comments about product documentation to info@h3c.com.

We appreciate your comments.

Product Overview

The H3C S3600 Series Ethernet Switches are multilayer switching products. They support abundant Layer 3 features and enhanced extended functions, in addition to Layer 2 features. The switches come in two series:

l          The S3600-SI series supports basic routing functions, DHCP, basic IRF functions, and IGMP-Snooping.

l          The S3600-EI series supports advanced routing functions, DHCP, enhanced IRF functions, and enhanced multicast functions (including PIM-DM and PIM-SM).

See Table 3-1 for all S3600 switch models and their basic hardware specifications.

Table 3-1 S3600 switch hardware summary


Power supply unit (PSU)

Number of service ports

Number of 100 Mbps ports

Number of 1,000 Mbps uplink ports

Console port

H3C S3600-28P-SI



24 10/100 Mbps ports (electrical)

4 Gigabit (SFP) ports


H3C S3600-28P-PWR-SI



24 10/100 Mbps ports (electrical)

4 Gigabit (SFP) ports


H3C S3600-28TP-SI



24 10/100 Mbps (electrical)

2 Gigabit (SFP) ports

2 x 10/100/1,000 Mbps ports (electrical)


H3C S3600-52P-SI



48 10/100 Mbps (electrical)

4 Gigabit (SFP) ports


H3C S3600-28P-EI



24 10/100 Mbps ports (electrical)

4 Gigabit (SFP) ports


H3C S3600-28F-EI



24 100 Mbps (SFP) ports

2 Gigabit (SFP) ports

2 10/100/1,000 Mbps ports (electrical)


H3C S3600-28P-PWR-EI



24 10/100 Mbps ports (electrical)

4 Gigabit (SFP) ports


H3C S3600-52P-EI



48 10/100 Mbps ports (electrical)

4 Gigabit ports (SFP)


H3C S3600-52P-PWR-EI



48 10/100 Mbps ports (electrical)

4 Gigabit (SFP) ports


H3C S3600-52P-PWR-SI



48 10/100 Mbps ports (electrical)

4 Gigabit (SFP) ports



Network Scenarios

You can deploy the S3600 series on many types of networks, such as enterprise and broadband access networks. This section describes several typical application scenarios for the S3600 series.

Broadband Ethernet Access for Residential Communities

Deploy an S3600 series switch at the center of the broadband access network for a residential community. Connect the switch to the access S3100 series switches to reach end users, and to an upstream core Layer 3 switch through a GE port to access the MAN backbone.

Figure 3-1 Community access network


Branch or Small- to Medium-Sized Enterprise Networks

Deploy the S3600 series switches as backbone switches on a branch or small-to medium-sized enterprise network. Connect the switches to the headquarters or other branches through routers. As the business grows, you can cascade the S3600 series to extend the network.

Figure 3-2 Branch or small-to medium-sized enterprise network


Large Enterprise and Campus Networks

Deploy the S3600 series switches at the distribution layer of a large enterprise or campus network to implement Gigabit-to-backbone and 100 Mbps-to-desktop together with other H3C switches. Connect the S3600 switches to the access Layer 2 switches (for example, the S3100 series), and to the core Layer 3 switches through GE ports.

Figure 3-3 S3600 series application in a large enterprise or campus network