- Table of Contents
-
- H3C S3600 Operation Manual-Release 1602(V1.02)
- 00-1Cover
- 00-2Product Overview
- 01-CLI Operation
- 02-Login Operation
- 03-Configuration File Management Operation
- 04-VLAN Operation
- 05-IP Address and Performance Operation
- 06-Voice VLAN Operation
- 07-GVRP Operation
- 08-Port Basic Configuration Operation
- 09-Link Aggregation Operation
- 10-Port Isolation Operation
- 11-Port Security-Port Binding Operation
- 12-DLDP Operation
- 13-MAC Address Table Management Operation
- 14-Auto Detect Operation
- 15-MSTP Operation
- 16-Routing Protocol Operation
- 17-Multicast Operation
- 18-802.1x and System Guard Operation
- 19-AAA Operation
- 20-Web Authentication Operation
- 21-MAC Address Authentication Operation
- 22-VRRP Operation
- 23-ARP Operation
- 24-DHCP Operation
- 25-ACL Operation
- 26-QoS-QoS Profile Operation
- 27-Web Cache Redirection Operation
- 28-Mirroring Operation
- 29-IRF Fabric Operation
- 30-Cluster Operation
- 31-PoE-PoE Profile Operation
- 32-UDP Helper Operation
- 33-SNMP-RMON Operation
- 34-NTP Operation
- 35-SSH Operation
- 36-File System Management Operation
- 37-FTP-SFTP-TFTP Operation
- 38-Information Center Operation
- 39-System Maintenance and Debugging Operation
- 40-VLAN-VPN Operation
- 41-HWPing Operation
- 42-IPv6 Management Operation
- 43-DNS Operation
- 44-Smart Link-Monitor Link Operation
- 45-Access Management Operation
- 46-Appendix
- Related Documents
-
Title | Size | Download |
---|---|---|
00-2Product Overview | 205.29 KB |
2 Correspondence Between Documentation and Software
Broadband Ethernet Access for Residential Communities
Application for Connecting Branches or Small- to Medium-Sized Enterprises
Application in Large Enterprise and Campus Networks
Hangzhou H3C Technologies Co., Ltd. (hereafter referred to as H3C) provides various ways for you to obtain product documents and new feature releases in a convenient and timely manner. The documentations are available with:
l CD-ROMs shipped with the devices
l H3C website
l Software release notes
CD-ROM
H3C delivers a CD-ROM together with each device. The CD-ROM contains a complete set of electronic documents of the product, including operation manuals and command manuals. After installing the reader program provided by the CD-ROM, you can search for the desired contents in a convenient way through the reader interface.
The contents in the manual are subject to update on an irregular basis due to product version upgrade or some other reasons. Therefore, the contents in the CD-ROM may not be the latest version. This manual serves the purpose of user guide only. Unless otherwise noted, all the information in the document set does not claim or imply any warranty. For the latest software documentation, go to the H3C website.
H3C Website
Perform the following steps to query and download the product documentation from the H3C website.
Table 1-1 Acquire product documentation from the H3C website
How to apply for an account |
Access the homepage of H3C at http:// www.h3c.com and click the Registration link at the top right. In the displayed page, provide your information and click Submit. |
How to get documentation |
Approach 1: In the homepage of H3C at http:// www.h3c.com, select Technical Support & Document > Technical Documents from the navigation menu at the top. Then select a product for its documents. Approach 2: In the homepage of H3C at http:// www.h3c.com, select Support > Technical Documents. Then select a product for its documents. |
Software Release Notes
With software upgrade, new software features may be added. You can acquire the information about the newly added software features through software release notes.
Software Version
H3C S3600 Series Ethernet Switches Operation Manual-Release 1602 and H3C S3600 Series Ethernet Switches Command Manual-Release 1602 are for the software version of Release1602 of the S3600 series products.
l Compared with Release 1510, many new features are added in Release 1602. For details, refer to Table 2-1.
l Compared with Release 1510, a feature is removed from Release 1602. For details, refer to Table 2-2.
l Compared with Release 1510, three features are modified in Release 1602. For details, refer to Table 2-3.
Table 2-1 Added features in Release 1602
Added feature in Release 1602 |
Manual |
01-CLI |
|
Copyright information is displayed when a Telnet user logs in |
02-Login |
Banner information is displayed when a user logs in through Web |
|
Auto-negotiation rate configuration for the current port |
08-Port Basic Configuration |
The port up/down log output function is removed |
|
Packet traffic threshold configuration for ports |
|
Display of the statistics of discarded packets on ports |
|
Configuration of the delay time of sending state-change traps for the current port |
|
Inter-device port isolation |
10-Port Isolation |
New port security modes: macAddressAndUserLoginSecure and macAddressAndUserLoginSecureExt |
11-Port Security-Port Binding |
Destination MAC address update |
13-MAC Address Table Management |
STP maintainability |
15-MSTP |
802.1d-compliant traps |
|
Configuration of the Type-7 LSAs converter features in an NSSA zone |
16-Routing Protocol |
Support of unicasting protocol messages in a P2MP network |
|
Multicast data packet cache mechanism |
17-Multicast Protocol |
Support of multicast source lifetime configuration |
|
Support of IGMPv3 Snooping |
|
Support of suppressing flooding of unknown multicast traffic in the VLAN |
|
Support of static member port configuration |
|
Support of static router port configuration |
|
Support of VLAN tag configuration for query messages |
|
Online user handshake |
18-802.1x and System-Guard |
Support of 802.1x re-authentication configuration |
|
Support of 802.1x re-authentication timeout configuration |
|
Quick deployment of EAD |
|
Support of domain delimiter configuration |
19-AAA |
Support of HWTACACS scheme configuration for ISP domain user level switching |
|
Setting of MAC address format of the Calling-Station-Id (Type 31) field in RADIUS packets |
|
Web authentication |
20-Web Authentication |
Support of fixed password configuration when a MAC address is used as a user name |
21-MAC Address Authentication |
Enhanced MAC authentication functions |
|
Display of detailed backup group information |
22-VRRP |
ARP attack detection |
23-ARP |
ARP packet rate limiting |
|
Support of sending gratuitous ARP packets periodically |
|
Proxy ARP |
|
Configuration of the TFTP server address and bootfile name for DHCP clients that support auto-configuration |
24-DHCP |
Support of Option 82 in DHCP Snooping |
|
IP filtering |
|
DHCP packet rate limiting |
|
Applying ACLs to VLANs |
25-ACL |
Configuration of inner VLAN information for Layer 2 ACLs |
|
VLAN mapping |
26-QoS-QoS Profile |
Configuration of burst traffic for port rate limiting and traffic policing |
|
Configuration of priority remarking in VLANs |
|
Redirecting traffic to an aggregation port group and removing the outer VLAN tag after the traffic is redirected to the uplink port or the aggregation port group |
|
Burst function |
|
Configuration of IRF automatic fabric |
29-IRF Fabric |
Online upgrade of PSE processing software |
31-PoE-PoE Profile |
Creating a MIB view with the mask of a MIB subtree |
33-SNMP-RMON |
Encrypting a plain-text password |
|
Adding interface description and interface type in linkUp/linkDown Trap message |
|
Support of the DSA asymmetric key algorithm |
35-SSH |
Banner information of the FTP server |
37-FTP-SFTP-TFTP |
Displaying timestamp with the UTC time zone |
38-Information Center |
Configuration of real-time monitoring of system running status |
39-System Maintenance and Debugging |
Hot patching |
|
Viewing and diagnosing hot-pluggable transceivers |
|
Selective QinQ |
40-VLAN-VPN |
Support of multiple types of protocol packets for BPDU Tunneling |
|
Customizing tunnel packet MAC addresses |
|
Eight test types are added in HWPing, including DHCP test, FTP test, HTTP test, DNS test, SNMP test, Jitter test, TCP test, and UDP test |
41-HWping |
Maximum number of history records that can be saved |
|
IPv6 management |
42-IPv6 Management |
Smart Link |
44-Smart Link-Monitor Link |
Monitor Link |
Table 2-2 Deleted feature from Release 1602
Deleted feature |
Manual |
CLI language mode setting |
39-System Maintenance and Debugging |
Table 2-3 Modified features in Release 1602
Modified feature |
Manual |
Support of up to 128 characters in a domain name, compared with the original 24 characters |
19-AAA |
Sequence of selecting Web files |
36-File System Management |
Keywords of five commands |
22-VRRP |
Manual List
Manual name |
H3C S3600 Series Ethernet Switches Installation Manual |
H3C S3600 Series Ethernet Switches Operation Manual-Release 1602 |
H3C S3600 Series Ethernet Switches Command Manual-Release 1602 |
Preface
H3C S3600 Series Ethernet Switches are Ethernet equipment capable of multilayer switching. They come in two series: S3600-SI and S3600-EI. In addition to the basic service features, S3600 Series Ethernet switches support abundant Layer 3 features and enhanced extended functions.
l S3600-SI series switches support basic routing functions, DHCP, basic IRF functions and IGMP-Snooping.
l S3600-EI series switches support advanced routing functions, DHCP, enhanced IRF functions, and enhanced multicast functions (including PIM-DM and PIM-SM).
Switch Models
Table 3-1 lists the S3600 series Ethernet Switches models.
Table 3-1 Models in the S3600 series
Model |
Power supply unit (PSU) |
Number of service ports |
Number of 100 Mbps ports |
Number of 1,000 Mbps uplink ports |
Console port |
H3C S3600-28P-SI |
AC-input |
28 |
24 10/100 Mbps ports (electrical) |
4 Gigabit (SFP) ports |
1 |
H3C S3600-28P-PWR-SI |
AC-/DC-input |
28 |
24 10/100 Mbps ports (electrical) |
4 Gigabit (SFP) ports |
1 |
H3C S3600-28TP-SI |
AC-input |
28 |
24 10/100 Mbps (electrical) |
2 Gigabit (SFP) ports 2 x 10/100/1,000 Mbps ports (electrical) |
1 |
H3C S3600-52P-SI |
AC-input |
52 |
48 10/100 Mbps (electrical) |
4 Gigabit (SFP) ports |
1 |
H3C S3600-28P-EI |
AC-/DC-input |
28 |
24 10/100 Mbps ports (electrical) |
4 Gigabit (SFP) ports |
1 |
H3C S3600-28F-EI |
AC-/DC-input |
28 |
24 100 Mbps (SFP) ports |
2 Gigabit (SFP) ports 2 10/100/1,000 Mbps ports (electrical) |
1 |
H3C S3600-28P-PWR-EI |
AC-/DC-input |
28 |
24 10/100 Mbps ports (electrical) |
4 Gigabit (SFP) ports |
1 |
H3C S3600-52P-EI |
AC-/DC-input |
52 |
48 10/100 Mbps ports (electrical) |
4 Gigabit ports (SFP) |
1 |
H3C S3600-52P-PWR-EI |
AC-/DC-input |
52 |
48 10/100 Mbps ports (electrical) |
4 Gigabit (SFP) ports |
1 |
H3C S3600-52P-PWR-SI |
AC-/DC-input |
52 |
48 10/100 Mbps ports (electrical) |
4 Gigabit (SFP) ports |
1 |
Software Features
S3600 Series Ethernet Switches have abundant software features and can meet the requirements of different applications. Table 3-2 summarizes the features provided by each module.
Table 3-2 Service features of the S3600 series
Part |
Features |
1 CLI |
l CLI l Hierarchically grouped commands l CLI online help |
2 Login |
l Logging into a switch through the Console port l Logging into a switch through an Ethernet port by using Telnet or SSH l Logging into a switch through the Console port by using modem l Logging into a switch through Web or NMS l Controlling user login using ACL |
3 Configuration File Management |
l Saving, restoring, and deleting the configuration file |
4 VLAN |
l IEEE 802.1Q-compliant VLAN l Port-based VLAN l Protocol-based VLAN |
5 IP Address and Performance Configuration |
l Configuring an IP address for a switch l Configuring the TCP attributes for a switch l Enabling/disabling the switch to receive directed broadcasts |
6 Voice VLAN |
l Voice VLAN |
7 GVRP |
l GARP VLAN registration protocol (GVRP) |
8 Port Basic Configuration |
l Configuring port auto-negotiation rate l Limiting traffic on a port l Setting broadcast storm suppression globally l Loopback detection supported l Cable test |
9 Link Aggregation |
l Link aggregation control protocol (LACP) |
10 Port Isolation |
l Port isolation group |
11 Port Security-Port Binding |
l Multiple security modes l MAC address-to-IP address-to-port binding |
12 DLDP |
l Device link detection protocol (DLDP) |
13 MAC Address Table |
l Manually configuring dynamic, static, and black hole MAC addresses l Configuring the aging time for MAC addresses l MAC address learning limit |
14 Auto Detect |
l Auto detect l Auto detect applications in static routing, VRRP, and VLAN interface backup (only S3600-EI supports auto detect in VRRP) |
15 MSTP |
l STP/RSTP/MSTP l The following guard functions are available on an MSTP-enabled switch: BPDU guard, root guard, loop guard, TC-BPDU attack guard, and BPDU drop l Digest snooping l Rapid transition l VLAN-VPN TUNNEL l H3C-proprietary MSTP path cost standard |
16 Routing Protocols. |
l Static route l Routing information protocol (RIP) v1/v2 l Open shortest path first (OSPF) (S3600-EI series switches only) l Routing policy l Route capacity limiting (S3600-EI series switches only) |
17 Multicast |
l Internet group management protocol snooping (IGMP Snooping) l Internet group management protocol (IGMP) (S3600-EI series switches only) l Protocol-independent multicast-dense mode (PIM-DM) (S3600-EI series switches only) l Protocol-independent multicast-sparse mode (PIM-SM) (S3600-EI series switches only) l MSDP (S3600-EI series switches only) |
18 802.1x and System Guard |
l 802.1X authentication l Guest VLAN l Quick deployment of EAD l Huawei authentication bypass protocol (HABP) l System guard |
19 AAA |
l Authentication, authorization, and accounting (AAA) l Remote authentication dial-In user service (RADIUS) l Huawei terminal access controller access control system (HWTACACS) |
20 Web Authentication |
l Web authentication |
21 MAC Address Authentication |
l MAC address authentication l Enhanced MAC address authentication |
22 VRRP |
l Virtual router redundancy protocol (VRRP) (S3600-EI series switches only) |
23 ARP |
l Gratuitous ARP l Sending gratuitous ARP packets periodically l Manually configuring ARP entries l ARP attack detection l ARP packet rate limiting l Proxy ARP l Resilient ARP |
24 DHCP |
l DHCP client/BOOTP client l DHCP server (S3600-EI series switches only) l DHCP relay l DHCP Snooping l DHCP accounting l Using Option184 in DHCP server (S3600-EI series switches only) l Using Option82 in DHCP relay and DHCP Snooping l DHCP packet rate limitation |
25 ACL |
l Basic ACLs l Advanced ACLs l Layer 2 ACLs l User-defined ACLs l Applying ACLs on ports l Applying ACLs to VLANs |
26 QoS-QoS Profile |
l Quality of Service (QoS) l QoS profile |
27 Web Cache Redirection |
l (Supported by S3600-EI series only) |
28 Mirroring |
l Traffic mirroring l Local port mirroring l Remote port mirroring (S3600-EI series switches only) |
29 IRF Fabric |
l IRF Fabric l Stack port optional l Peer end detection for stack ports |
30 Cluster |
l Huawei group management protocol (HGMP) v2 l Neighbor discovery protocol (NDP) l Neighbor topology discovery protocol (NTDP) |
31 PoE-PoE Profile |
l Power over Ethernet (PoE) l PoE profile |
32 UDP Helper |
l Forwarding UDP broadcast packets by using UDP Helper |
33 SNMP-RMON |
l Simple network management protocol (SNMP) v3, compatible with SNMP v1/v2 l Support of Trap parameters configuration l Remote monitoring (RMON) |
34 NTP |
l Network time protocol (NTP) |
35 SSH Terminal Service |
Secure shell (SSH) v2.0, compatible with SSHv1.5 |
36 File System Management |
l File system configuration l File attribute configuration l Configuration file backup and restoration |
37 FTP-SFTP-TFTP |
l Operating as an FTP server/FTP client l Operating as an SFTP server/SFTP client l Operating as a TFTP client |
38 Information Center |
l System logs l Hierarchical alarms l Debugging information output |
39 System Maintenance and Debugging |
l Loading Boot ROM and software in multiple ways l Basic system configuration and debugging l Network connectivity test l Device management |
40 VLAN-VPN |
l VLAN VPN (QinQ) l Selective QinQ l BPDU Tunnel l Configuring VLAN VPN interior-layer priority replication l Configuring TPID value |
41 HWPing |
l Operating as a HWPing server/HWPing client l Nine test types, including ICMP test, DHCP test, FTP test, HTTP test, DNS test, SNMP test, jitter test, TCP test, and UDP test |
42 IPv6 Management |
l IPv6 management l IPv6 static route l IPv6 DNS |
43 DNS |
l IPv4 Domain Name System (DNS) |
44 Smart Link-Monitor Link |
l Smart Link l Monitor Link |
45 Access Management |
Configuring the access IP address pool based on the physical port |
You can deploy S3600 series on many types of networks, such as enterprise networks and broadband access networks. Following are several typical networking applications.
Broadband Ethernet Access for Residential Communities
On the broadband access network of a residential community, an S3600 series switch is located in the center. It is downlinked to S3100 series switches to reach the Ethernet users and uplinked to a core Layer 3 switch through a GE extension module to connect to the MAN backbone.
Figure 4-1 Connecting community Ethernet to MAN using S3600 series
Application for Connecting Branches or Small- to Medium-Sized Enterprises
For small-to medium-sized enterprises or branches of a large enterprise, S3600 series switches can server as the backbone switches on their networks and can be connected to the headquarters or other branches through routers. As the enterprise size increases, the network also can expand by subtending the S3600 series.
Figure 4-2 S3600 series switches application in branch network of midsize/large enterprise
Application in Large Enterprise and Campus Networks
In a large enterprise or campus network, the S3600 series switches can operate on the convergence layer. They are downlinked to layer 2 switches, S3100 Series for example; and uplinked to a layer 3 switch through GE expansion modules. These switches together provide a network-wide intranet solution that covers Gigabit-to-backbone and 100 Mbps-to-desktop.
Figure 4-3 S3600 series application in large enterprise and campus network