Login
- Table of Contents
- Related Documents
-
Table of Contents
2 H3C S3600 Series Documentation Guide· 2-1
Obtaining the Documentation· 2-1
Finding Documents at the H3C Website· 2-2
Broadband Ethernet Access for Residential Communities· 3-2
Branch or Small- to Medium-Sized Enterprise Networks· 3-2
Large Enterprise and Campus Networks· 3-3
1 About This Document
The H3C S3600 Series Ethernet Switches Operation Manual, Release 1702 describes the software features available in the S3600 series software release 1702, and guides you through the software feature configuration procedures.
Audience
This document is for administrators who are configuring and maintaining the S3600 series switches.
Part Organization
Table 1-1 presents the part organization of this document:
Part | Contents |
1 CLI | l Introduction to CLI |
2 Login | l Logging In Through the Console Port l Logging In Through Telnet or SSH l Logging In Through Web or NMS l Configuring Source IP Address for Telnet Service Packets l Controlling Login Users by Using ACL |
3 Configuration File Management | l Introduction to Configuration File l Saving the Current Configuration l Erasing the Startup Configuration File l Specifying a Configuration File for Next Startup |
4 VLAN | l Basic VLAN Configuration l Configuring Port-Based VLAN l Configuring Protocol-Based VLAN |
5 IP Address and Performance | l Configuring an IP address for a Switch l Configuring the TCP Attributes for a Switch l Enabling Reception of Directed Broadcasts to a Directly Connected Network |
6 Voice VLAN | l Voice VLAN Configuration |
7 GVRP | |
8 Port Basic Configuration | l Configuring Speed Options for Auto Negotiation on a Port l Configuring Flow Control on a Port l Duplicating the Configuration of a Port to Other Ports l Enabling Giant-Frame Statistics Function l Limiting Traffic on a Port l Setting Broadcast Storm Suppression Globally l Configuring Loopback Detection on a Port l Enabling Cable Test on a Port |
9 Link Aggregation | l Configuring a Manual Aggregation Group l Configuring a Static LACP Aggregation Group l Configuring a Dynamic LACP Aggregation Group |
10 Port Isolation | Configuring Port Isolation Group |
11 Port Security-Port Binding | l Setting the Maximum Number of Secure MAC Addresses Allowed on a Port l Setting the Port Security Mode l Configuring Port Security Features l Configuring Guest VLAN for a Port in macAddressOrUserLoginSecure mode l Ignoring the Authorization Information from the RADIUS Server l Configuring Secure MAC Addresses l Configuring MAC-IP-Port Binding |
12 DLDP | Device link detection protocol (DLDP) |
13 MAC Address Table Management | l Introduction to MAC Address Table l Configuring a MAC Address Entry l Setting the MAC Address Aging Timer l Setting the Maximum Number of MAC Addresses a Port Can Learn |
14 Auto Detect | l Auto Detect Basic Configuration l Auto Detect Implementation in Static Routing |
15 MSTP | l STP/RSTP/MSTP Overview and Basic Configuration l Performing mCheck Operation l Guard Functions: BPDU Guard, Root Guard, Loop Guard, TC-BPDU Attack Guard, and BPDU Drop l Digest Snooping l Rapid Transition l VLAN-VPN Tunnel l MSTP Maintenance Configuration l Sending Trap Messages Conforming to 802.1d Standard |
16 Routing Protocols. | l Static Route l Routing Information Protocol (RIP) v1/v2 l Open Shortest Path First (OSPF) (available only on the S3600-EI series) l Routing Policy l Route Capacity Limiting (available only on the S3600-EI series) |
17 Multicast | l Configuring the Common Multicast Functions l Internet Group Management Protocol (IGMP) (available only on the S3600-EI series) l Protocol Independent Multicast (PIM) (available only on the S3600-EI series) l Multicast Source Discovery Protocol (MSDP) (available only on the S3600-EI series) l Internet Group Management Protocol Snooping (IGMP Snooping) |
18 802.1X and System Guard | l 802.1X Authentication l Guest VLAN l Quick EAD Deployment l Huawei Authentication Bypass Protocol (HABP) l System Guard |
19 AAA | l Authentication, Authorization, and Accounting (AAA) l Remote Authentication Dial-In User Service (RADIUS) l Huawei Terminal Access Controller Access Control System (HWTACACS) |
20 Web Authentication | l Web Authentication Configuration l Configuring HTTPS Access for Web Authentication l Customizing Web Authentication Pages |
21 MAC Address Authentication | l Basic MAC Address Authentication l Enhanced MAC Address Authentication |
22-VRRP | l Virtual Router Redundancy Protocol (VRRP) Basic Configuration l VRRP Tracking |
23 ARP | l ARP Attack Detection l Proxy ARP l Resilient ARP l MFF |
24 DHCP | l DHCP Server (available only on the S3600-EI series) l DHCP Relay Agent l DHCP Snooping l DHCP Packet Rate Limit l DHCP/BOOTP Client |
25 ACL | l Basic ACLs l Advanced ACLs l Layer 2 ACLs l User-Defined ACLs l IPv6 ACLs (available only on the S3600-SI series) l Applying ACLs to Ports l Applying ACLs to VLANs |
26 QoS-QoS Profile | l Quality of Service (QoS) l QoS Profile |
27-Web Cache Redirection | Web Cache Redirection (available only on the S3600-EI series) |
28 Mirroring | l Traffic Mirroring l Local Port Mirroring l Remote Port Mirroring (available only on the S3600-EI series) |
29-IRF Fabric | l IRF Fabric l Specifying the Fabric Port of a Switch l IRF Fabric Detection l IRF Automatic Fabric |
30 Cluster | l Huawei Group Management Protocol (HGMP) v2 l Neighbor Discovery Protocol (NDP) l Neighbor Topology Discovery Protocol (NTDP) l Cluster Synchronization Functions |
31-PoE-PoE Profile | |
32-UDP Helper | |
33 SNMP-RMON | l Simple Network Management Protocol (SNMP) v1, v2, v3 l Configuring Trap-Related Functions l Remote Monitoring (RMON) |
34 NTP | l Configuring NTP Implementation Modes l Configuring Access Control Right |
35 SSH | l SSH Overview l Configuring the SSH Server l Configuring the SSH Client |
36 File System Management | |
37 FTP-SFTP-TFTP | l FTP and SFTP Configuration |
38 Information Center | |
39 System Maintenance and Debugging | l Boot ROM and Host Software Loading |
40 VLAN-VPN | l VLAN VPN (QinQ) l Enabling Transparent IGMP Message Transmission on a VLAN-VPN Port l Configuring the Inner-to-Outer Tag Priority Replication l Configuring TPID Value l Selective QinQ l BPDU Tunnel |
41 HWPing | l HWPing Server/HWPing Client Configuration l Nine test types, including ICMP test, DHCP test, FTP test, HTTP test, DNS test, SNMP test, jitter test, TCP test, and UDP test |
42 IPv6 Management | l IPv6 Management l Static IPv6 Route l IPv6 DNS |
43 DNS | IPv4 Domain Name System (DNS) |
44 Smart Link-Monitor Link | l Smart Link l Monitor Link |
45 Access Management | l Access Management Overview l Configuring Access Management |
46 LLDP | l Basic Link Layer Discovery Protocol (LLDP) configuration l CDP Compatibility l LLDP Trapping |
47 PKI | l Submitting a PKI Certificate Request in Auto Mode or in Manual Mode l Verifying, Retrieving, and Deleting a PKI Certificate l Configuring an Access Control Policy |
48 SSL | l Configuring an SSL Server Policy l Configuring an SSL Client Policy |
49 HTTPS | l HTTPS Service l Associating the HTTPS Service with an SSL Server Policy l Associating the HTTPS Service with a Certificate Attribute Access Control Policy l Associating the HTTPS Service with an ACL |
New Features
H3C S3600 Series Ethernet Switches Operation Manual-Release 1702 and H3C S3600 Series Ethernet Switches Command Manual-Release 1702 are for software release 1702.
See Table 1-2 for new features introduced in release 1702.
Table 1-2 New features in release 1702
New features | Reference |
01-CLI | |
Canceling the system-defined ACLs for ICMP attack guard | 05-IP Address and Performance |
Configuring QoS priority settings for voice traffic on an interface | 06-Voice VLAN |
Configuring flow control on Ethernet ports | 08-Port Basic Configuration |
Configuring loopback port auto-shutdown and loopback detection on Ethernet ports in bulk | |
Configuring storm suppression thresholds in kbps | |
Various types of characters in port descriptions | |
Configuring Guest VLAN for port security | 11-Port Security-Port Binding |
Configuring the aging time for learned secure MAC address entries | |
Configuring port-MAC-IP binding | |
Configuring PIM prune delay (available only on the S3600-EI series) | 17-Multicast Protocol |
Configuring the source address to be carried in IGMP group-specific queries | |
Disabling a port from becoming a router port | |
CPU protection | 18-802.1X and System-Guard |
Ignoring assigned RADIUS authorization attributes | 19-AAA |
Auto VLAN | |
Setting the maximum online time for Web authentication users | 20-Web Authentication |
VRRP (available only on the S3600-SI series Ethernet switches) | 22-VRRP |
ARP attack defense | 23-ARP |
MFF | |
The qos-profile keyword, and IP filtering based on authenticated 802.1X clients | 24-DHCP |
Configuring the DHCP relay agent to process DHCP-INFORM messages in an IRF system | |
IPv6 ACLs | 25-ACL |
Port mirroring–STP collaboration | 28-Mirroring |
30-Cluster | |
39-System Maintenance and Debugging | |
Enabling transparent IGMP message transmission on a VLAN-VPN port | 40-VLAN-VPN |
New HWPing commands, including: adv-factor, datafill, description, display hwping statistics, filesize, history keep-time, history-record enable, hwping-agent clear, hwping-agent max-requests, sendpacket passroute, statistics, statistics keep-time, test-time begin, and ttl. | 41-HWping |
LLDP | 46-LLDP |
PKI | 47-PKI |
SSL | 48-SSL |
HTTPS | 49-HTTPS |
Conventions
Command conventions
Convention | Description |
Boldface | The keywords of a command line are in Boldface. |
italic | Command arguments are in italic. |
[ ] | Items (keywords or arguments) in square brackets [ ] are optional. |
{ x | y | ... } | Alternative items are grouped in braces and separated by vertical bars. One is selected. |
[ x | y | ... ] | Optional alternative items are grouped in square brackets and separated by vertical bars. One or none is selected. |
{ x | y | ... } * | Alternative items are grouped in braces and separated by vertical bars. A minimum of one or a maximum of all can be selected. |
[ x | y | ... ] * | Optional alternative items are grouped in square brackets and separated by vertical bars. Many or none can be selected. |
&<1-n> | The argument(s) before the ampersand (&) sign can be entered 1 to n times. |
# | A line starting with the # sign contains comments. |
Command line interface (CLI) commands of H3C products are case insensitive.
GUI conventions
Convention | Description |
Boldface | Window names, button names, field names, and menu items are in Boldface. For example, the New User window appears; click OK. |
> | Multi-level menus are separated by angle brackets. For example, File > Create > Folder. |
Symbols
Convention | Description |
| Means reader be extremely careful. Improper operation may cause bodily injury. |
| Means reader be careful. Improper operation may cause data loss or damage to equipment. |
| Means a complementary description. |
| Means techniques helpful for you to make configuration with ease. |
2 H3C S3600 Series Documentation Guide
Obtaining the Documentation
You can obtain the H3C S3600 series documentation in these ways:
l CD-ROMs shipped with the devices
l H3C website
l Software release notes
CD-ROM
H3C delivers a CD-ROM together with each device. The CD-ROM contains a complete set of electronic documents of the product, including operation manuals and command manuals. After installing the reader program provided by the CD-ROM, you can search for the desired contents in a convenient way through the reader interface.
The contents in the manual are subject to update on an irregular basis due to product version upgrade or some other reasons. Therefore, the contents in the CD-ROM may not be the latest version. This manual serves the purpose of user guide only. Unless otherwise noted, all the information in the document set does not claim or imply any warranty. For the latest software documentation, go to the H3C website.
H3C Website
To obtain up-to-date documentation and technical support, go to http://www.h3c.com.
Go to the following columns for different categories of product documentation:
[Products & Solutions]: Provides information about products and technologies, as well as solutions.
[Technical Support & Document > Technical Documents]: Provides several categories of product documentation, such as installation, configuration, and maintenance.
[Technical Support & Document > Software Download]: Provides the documentation released with the software version.
Software Release Notes
With software upgrade, new software features may be added. You can acquire the information about the newly added software features through software release notes.
Related Documentation
Use the documents listed in Table 2-1 together with H3C S3600 Series Ethernet Switches Operation Manual to make full use of the benefits delivered by the S3600 series.
Table 2-1 Related documentation
Document title | Description |
H3C S3600 Series Ethernet Switches Command Manual-Release 1702 | Describes the commands for the S3600 Series Ethernet Switches. A master index of all commands covered by the whole manual is provided for the ease of retrieval. |
H3C S3600 Series Ethernet Switches Installation Manual | Describes the physical views and hardware specifications of the H3C S3600 series switches, and guides you through the installation, power-on and startup, troubleshooting and maintenance procedures. |
H3C S3600 Series Ethernet Switches Compliance and Safety Manual | Provides the safety and regulatory compliance statements, and describes the protection actions that you must take when installing and maintaining the H3C S3600 series switches. |
H3C Low-End Ethernet Switches Configuration Guide | Describes the typical application scenarios, and provides configuration examples and configuration guidelines. |
Finding Documents at the H3C Website
All these documents are available at the H3C website:
l For software feature descriptions and configuration procedures, see H3C S3600 Series Ethernet Switches Operation Manual.
l For command reference, see H3C S3600 Series Ethernet Switches Command Manual.
l For hardware specifications, installation, and troubleshooting, see H3C S3600 Series Ethernet Switches Installation Manual.
l For typical application scenarios, configuration examples, and configuration guidelines, see H3C Low-End Ethernet Switches Configuration Guides.
Documentation Feedback
You can e-mail your comments about product documentation to [email protected].
We appreciate your comments.
Product Overview
The H3C S3600 Series Ethernet Switches are multilayer switching products. They support abundant Layer 3 features and enhanced extended functions, in addition to Layer 2 features. The switches come in two series:
l The S3600-SI series supports basic routing functions, DHCP, basic IRF functions, and IGMP-Snooping.
l The S3600-EI series supports advanced routing functions, DHCP, enhanced IRF functions, and enhanced multicast functions (including PIM-DM and PIM-SM).
See Table 3-1 for all S3600 switch models and their basic hardware specifications.
Table 3-1 S3600 switch hardware summary
Model | Power supply unit (PSU) | Number of service ports | Number of 100 Mbps ports | Number of 1,000 Mbps uplink ports | Console port |
H3C S3600-28P-SI | AC-input | 28 | 24 10/100 Mbps ports (electrical) | 4 Gigabit (SFP) ports | 1 |
H3C S3600-28P-PWR-SI | AC-/DC-input | 28 | 24 10/100 Mbps ports (electrical) | 4 Gigabit (SFP) ports | 1 |
H3C S3600-28TP-SI | AC-input | 28 | 24 10/100 Mbps (electrical) | 2 Gigabit (SFP) ports 2 x 10/100/1,000 Mbps ports (electrical) | 1 |
H3C S3600-52P-SI | AC-input | 52 | 48 10/100 Mbps (electrical) | 4 Gigabit (SFP) ports | 1 |
H3C S3600-28P-EI | AC-/DC-input | 28 | 24 10/100 Mbps ports (electrical) | 4 Gigabit (SFP) ports | 1 |
H3C S3600-28F-EI | AC-/DC-input | 28 | 24 100 Mbps (SFP) ports | 2 Gigabit (SFP) ports 2 10/100/1,000 Mbps ports (electrical) | 1 |
H3C S3600-28P-PWR-EI | AC-/DC-input | 28 | 24 10/100 Mbps ports (electrical) | 4 Gigabit (SFP) ports | 1 |
H3C S3600-52P-EI | AC-/DC-input | 52 | 48 10/100 Mbps ports (electrical) | 4 Gigabit ports (SFP) | 1 |
H3C S3600-52P-PWR-EI | AC-/DC-input | 52 | 48 10/100 Mbps ports (electrical) | 4 Gigabit (SFP) ports | 1 |
H3C S3600-52P-PWR-SI | AC-/DC-input | 52 | 48 10/100 Mbps ports (electrical) | 4 Gigabit (SFP) ports | 1 |
Network Scenarios
You can deploy the S3600 series on many types of networks, such as enterprise and broadband access networks. This section describes several typical application scenarios for the S3600 series.
Broadband Ethernet Access for Residential Communities
Deploy an S3600 series switch at the center of the broadband access network for a residential community. Connect the switch to the access S3100 series switches to reach end users, and to an upstream core Layer 3 switch through a GE port to access the MAN backbone.
Figure 3-1 Community access network
Branch or Small- to Medium-Sized Enterprise Networks
Deploy the S3600 series switches as backbone switches on a branch or small-to medium-sized enterprise network. Connect the switches to the headquarters or other branches through routers. As the business grows, you can cascade the S3600 series to extend the network.
Figure 3-2 Branch or small-to medium-sized enterprise network
Large Enterprise and Campus Networks
Deploy the S3600 series switches at the distribution layer of a large enterprise or campus network to implement Gigabit-to-backbone and 100 Mbps-to-desktop together with other H3C switches. Connect the S3600 switches to the access Layer 2 switches (for example, the S3100 series), and to the core Layer 3 switches through GE ports.
Figure 3-3 S3600 series application in a large enterprise or campus network
