The port isolate configuration of the H3C switch

The port isolate configuration of the H3C switch

Through the port isolation JD320B price characteristics, users will be able to control the portinto a separate group, the realization of the two layer data isolation betweenisolated group in the port, can enhance the security of the network, thenetwork also provides flexible schemes for users.

For example to the port configuration:

1 network demand

Residential users, PC3, PC4 PC2 Ethernet1/0/2, Ethernet1/0/3, Ethernet1/0/4Ethernet ports are connected with the switch

L switch Ethernet1/0/1 port is connected with an external network through

Between L PC2, PC3 and PC4 cell users cannot exchange

2 network diagram

3 The configuration steps:

# the Ethernet port Ethernet1/0/2, Ethernet1/0/3, Ethernet1/0/4 into isolatedgroup.

<H3C> System-View

System View: return to User View with Ctrl+Z.

[H3C] interface ethernet1/0/2

[H3C-Ethernet1/0/2] port isolate

[H3C-Ethernet1/0/2] quit

[H3C] interface ethernet1/0/3

[H3C-Ethernet1/0/3] port isolate

[H3C-Ethernet1/0/3] quit

[H3C] interface ethernet1/0/4

[H3C-Ethernet1/0/4] port isolate

[H3C-Ethernet1/0/4] quit

[H3C]

# display isolated group of port information.

<H3C> display isolate port

Isolated port (s) on UNIT 1:

Ethernet1/0/2, JG315A price Ethernet1/0/3, Ethernet1/0/4

More information, please view :http://momopp.blogdetik.com/

Configuration DHCP server instance of the Cisco switch 3750

Network environment: a 3550EMI switches, cisco1921-sec/k9 divided into three VLAN, vlan2 as the server in the network, named server, IP address ranges for 192.168.2.0,subnet mask: 255.255.255.0, gateway: 192.168.2.1, domain server for the windows 2000 advance server, at the same time as the DNS server, IPaddress for 192.168.2.10, vlan3 for the client 1 local network, IP address is192.168.3.0, subnet mask: 255.255.255.0, gateway: 192.168.3.1 named work01, vlan4 as the client 2 where the network, named work02, IP address ranges for 192.168.4.0, subnet mask: 255.255.255.0, gateway:192.168.4.13550 as DHCP server, 1-8 into the VLAN port 2, port 9-16 partitionto VLAN 3, port 17-24 into VLAN 4

To realize the function of DHCP server: the VLAN retains the 2-10 IP addressis not configured, for example: 192.168.2.0 segment, reserved IP address192.168.2.2 to 192.168.2.10 are not assigned.

Safety requirements: VLAN 3 and VLAN 4 are not allowed to visit each other,but they can access the server in VLAN 2, the default access control list ofrules is to reject all packets.

Configuration commands and steps are as follows:

The first step: create VLAN:

Switch>en

Switch#Vlan Database

Switch (Vlan) >Vlan 2 Name server

Switch (Vlan) >Vlan 3 Name work01

Switch (VLAN) >Vlan 4 Name work02

The second step: setting the VLAN IP address:

Switch#Config T

Switch (Config) >Int Vlan 2

Switch (Config-vlan) Ip Address 192.168.2.1 255.255.255.0

Switch (Config-vlan) No Shut

Switch (Config-vlan) >Int Vlan 3

Switch (Config-vlan) Ip Address 192.168.3.1 255.255.255.0

Switch (Config-vlan) No Shut

Switch (Config-vlan) >Int Vlan 4

Switch (Config-vlan) Ip Address 192.168.4.1 255.255.255.0

Switch (Config-vlan) No Shut

Switch (Config-vlan) Exit

/ * Note: since no port configuration to the VLAN2, 3, 4, so the VLAN will beDOWN off, the port assigned to each VLAN, VLAN up.

The third step: set port global parameters

Switch (Config) Interface Range Fa 0/1 24

Switch (Config-if-range) Switchport Mode Access

Switch (Config-if-range) Spanning-tree Portfast

The fourth step: the port is added to the VLAN2, 3, 4

/ * the port 1-8 is added to the VLAN 2*/

Switch (Config) Interface Range Fa 0/1 8

Switch (Config-if-range) Switchport Access Vlan 2

/ * the port 9-16 is added to the VLAN 3*/

Switch (Config) Interface Range Fa 0/9 16

Switch (Config-if-range) Switchport Access Vlan 3

/ * the port 17-24 is added to the VLAN 4*/

Switch (Config) Interface Range Fa 0/17 24

Switch (Config-if-range) Switchport Access Vlan 4

Switch (Config-if-range) Exit

/ * after this step, the VLAN will rise.

The fifth step: 3550 as the DHCP server configuration

/*VLAN 2 can address pool and the corresponding parameters configuration, a few VLAN to a few address pool.

Switch (Config) Ip Dhcp Pool Test01

/ * * / set the subnet can be assigned

Switch (Config-pool) Network 192.168.2.0 255.255.255.0

/ * set the DNS server.

Switch (Config-pool) Dns-server 192.168.2.10

Gateway / / set the subnet

Switch (Config-pool) Default-router 192.168.2.1

/ * configuration VLAN 3 used by the address pool and the corresponding parameters.

Switch (Config) Ip Dhcp Pool Test02

Switch (Config-pool) Network 192.168.3.0 255.255.255.0

Switch (Config-pool) Dns-server 192.168.2.10

Switch (Config-pool) Default-router 192.168.3.1

/ * configuration VLAN 4 used by the address pool and the corresponding parameters.

Switch (Config) Ip Dhcp Pool Test03

Switch (Config-pool) Network 192.168.4.0 255.255.255.0

Switch (Config-pool) Dns-server 192.168.2.10

Switch (Config-pool) Default-router 192.168.4.1

The sixth step: setting the reserved not allocate DHCP address

Switch (Config) Ip Dhcp Excluded-address 192.168.2.2 192.168.2.10

Switch (Config) Ip Dhcp Excluded-address 192.168.3.2 192.168.3.10

Switch (Config) Ip Dhcp Excluded-address 192.168.4.2 192.168.4.10

The seventh step: enable routing

/ * routing is enabled, the VLAN host can access each other.

Switch (Config) Ip Routing

The eighth step: Configuration Access Control List

Switch (Config) access-list 103 permit IP 192.168.2.0 0.0.0.255 192.168.3.00.0.0.255

Switch (Config) access-list 103 permit IP 192.168.3.0 0.0.0.255 192.168.2.00.0.0.255

Switch (Config) access-list 103 permit UDP any any EQ bootpc

Switch (Config) access-list 103 permit UDP any any EQ TFTP

Switch (Config) access-list 103 permit UDP any EQ bootpc any

Switch (Config) access-list 103 permit UDP any EQ TFTP any

Switch (Config) access-list 104 permit IP 192.168.2.0 0.0.0.255 192.168.4.00.0.0.255

Switch (Config) access-list 104 permit IP 192.168.4.0 0.0.0.255 192.168.2.00.0.0.255

Switch (Config) access-list 104 permit UDP any EQ TFTP any

Switch (Config) access-list 104 permit UDP any EQ bootpc any

Switch (Config) access-list 104 permit UDP any EQ bootpc any

Switch (Config) access-list 104 permit UDP any EQ TFTP any

The ninth step: the application of access control list

/ * the access control list to VLAN 3 and VLAN 4, VLAN 2 does not need.

Switch (Config) Int Vlan 3

Switch (Config-vlan) IP access-group 103 out

Switch (Config-vlan) Int Vlan 4

Switch (Config-vlan) IP access-group 104 out

The tenth step: the end and save the configuration

Switch (Config-vlan) End ws-c2960-48pst-l price

Switch#Copy Run Start

switch and router : http://ciscoswitches.webgarden.com/

What are the features of the H3C S5500 SI

The H3C S5500-SI Series Ethernet Switches include the following

models: S5500-28C-SI S5500-52C-SI, S5500-28C-PWR-SI and

S5500-52C-PWR-SI.,

H3C S5500-28C-SI/S5500-28C-PWR-SI has 24 Ethernet 10/100/1000

Base-T ports, 4 1000 BASE-X SFP (combo) and two expansion slots.

H3C S5500-48C-SI/S5500-48C-PWR-SI have 48 Ethernet 10/100/1000

Base-T ports, 4 1000 BASE-X SFP (combo) JG238A  and two expansion slots.

S5500-28C-PWR-SI/S5500-48C-PWR-SI model supports PoE, which

transmits Power over Ethernet to endpoint-devices.

Features:

Supports both IPv4 and IPv6

Full wire-speed, multi-layer switching

Excellent PoE (Power over Ethernet) Supply Function

H3C S5500-SI series supplies PoE function for endpoint devices, providing power over copper Ethernet cable to endpoint (Powered Device, such as IP phone, WLAN AP).

The H3C S5500-SI Series supports EAD (Endpoint Admission Defense), supports 802.1x authentication to identify users who attempt to access the network. supports Centralized MAC address authentication, which controls accesses to a network through ports and MAC addresses. supports the Guest VLAN function. Supports STP/RSTP and multi-VLAN based MSTP. Supports Smart Link to provide rapidconvergence. Supports H3C’s rapid ring protection protocol (RRPP). Support link-aggregation (including manual link aggregation and LACP), which is a simple and cost efficient way to expand the bandwidth of a switch port and balance the traffic among all the ports in a link aggregation.

Abundant QoS policies

The H3C S5500-SI Series supports L2~L4 complex flow classification based on source MAC address/destination MAC address/source IP address/destination IP address/ports/protocols.

The H3C S5500-SI Series supports flexible queue scheduling algorithms, which can be set on the basis of port and queue at the same time. They support Strict Priority (SP), Weighted Round

Robin (WRR) and SP +WRR.

The H3C S5500-SI Series supports Committed Access Rate (CAR) and limits the traffic speed at 64Kbit/s granularity.

The H3C S5500-SI Series supports packet redirection

The H3C S5500-SI Series supports remarking of 802.1p and DSCP priorities. Diversified System Configuration and Management Modes

The H3C S5500-SI Series supports Simple Network Management

Protocol (SNMP) v1/v2/v3 and RMON (Remote Monitoring) v1,

1/2/3/9 groups of MIBs, supports Command Line Interface (CLI), Web based network management, modem dial-up and Telnet, supports HGMP V2 cluster management.

After enabling HGMP V2, the network administrator can manage several member switches through one command switch and only the command switch needs a public network IP address. This can offer significant conservation of public JG239A  IP addresses and

increased network efficiency

More information, please view:http://www.h3network.com/5500-si-ei-hi-switch-price_c5
http://cisco2960.soulcast.com/

Question about the feature of the Huawei OSN 6800

Questions:

1, What access are the OSN 6800 support?

2, Can the OptiX OSN 6800/3800 supports the innovative three-level traffic grooming infrastructure?

Answers:

1, The OptiX OSN 6800/3800 employs the ITU-T digital wrapper protocol that allows transparent access of various protocols, such as IP/Ethernet, ATM, SDH, and ESCON, and services at different bit rates such as 16 Mbit/s, 5 Gbit/s, 10 Gbit/s, 40 Gbit/s, and 100 Gbit/s. With multiprotocol wavelength technology, the OptiX OSN 6800/3800 can transmit services of various types (voice, data, storage, and video), in line with the evolution from TDM to Ethernet/data services.

2, Yes, the OptiX OSN 6800/3800 supports the innovative three-level traffic grooming infrastructure, which integrates dynamic optical cross-connections (multi-dimensional ROADM), Huawei WDM flexible electrical-layer grooming (any ADM), and embedded Layer 2 data processing.

http://fering.metroblog.com/

Does the OptiX OSN 8800 has the multi-service OTN (MS-OTN) feature?

Yes, the OptiX OSN 8800 has the multi-service OTN (MS-OTN) feature: Cross-connections of OTN/SDH/packet services on centralized cross-connect boards. Flexible transmission of OTN, SDH, and packet services to improve board utilization efficiency.

More, the OptiX OSN 8800 supports OSNR/CD/PMD/optical power monitoring of any channel on 10G/40G/100G networks and real-time online monitoring of optical parameters, to improve network operation and maintenance (O&M) efficiency.

Source: http://www.huanetwork.com/huawei-osn8800-price_p3769.html

More information, please view:

http://www.christmasonmarsmovie.com/blog/12061

H3C router configuration base knowledge

H3C router preliminary landing JD373A can be used as Cisco basically, no difference, but also the use of the super terminal landing, network equipmentmanufacturers have any basically is to carry out the design of the use of the super terminal.

1 use console to set the initial configuration

2 set telnet configuration environment

2.1 use HyperTerminal to set the relevant information

System-View

Interface e8/0

IP add 192.168.100.1 255.255.255.0

Quit

User-interface vty 04

Authentication-mode password

Local-user Jia password simpel Jia

Local-user Jia service-type telnet

Local-user Jia level 3

[local-user Jia

Password Jia

Service-type telnet HP JD374A 

Level 3

]

More information, please view: http://www.h3network.com

How to downgrade/upgrade AIR-LAP1142N-N-K9 to autonomous mode

Question: Please guide me how to downgrade/upgrade AIR-LAP1142N-N-K9 access point to autonomous mode, because i don't have controller. i'm not able to login to access point as its in Leightweight mode.

Answer: Console into your AP and in enable mode, enter the command "dir flash:"

You'll see two IOS files, one with the "rcv" the other with "k9w7". Delete the directory that contains the "rcv" using the command "delete /f /r flash:<directory>" cisco1921-sec/k9 and reboot the AP.

Source: http://www.3anetwork.com/cisco-air-lap1142n-n-k9-price_p830.html

H3C S3600-SI switch Networking Applications

1: the application of IRF Technology

Using IRF technology can achieve buy JG305A convergence and the access layer of highelasticity and high reliability. Implementation of distributed forwardingarchitecture through multiple S3600 series switch, equipment the forwarding table 1:N backup, fast healing uninterrupted forwarding and routing implementation failure. Through the IRF to achieve true performance in the extended user port at the same time synchronization lifting, unified devicemanagement and synchronization upgrade configuration, greatly simplifies thenetwork management and maintenance. And the distributed link aggregationload sharing and backup technology to realize the link, the traditional STPprotocol link low utilization ratio of.

2: large enterprise network and campus network

In the large enterprise network and campus network, the core with two S9500each other hot backup, convergence layer using S7500 or S5600convergence layer switch, guaranteed bandwidth through the Gigabit uplink,avoid the formation of the bottleneck in the convergence layer. Using S3600series switch in access layer, by deploying the EAD endpoint admissionstrategy, implementation of dynamic user identity, including the security state of terminal defence.

3: Small and medium enterprise network and campus network

Small and medium-sized enterprises using S3600 as the core switch, visits to achieve cross network users and departments using the routing function of S3600, between a plurality of synchronization can be extended IRF technique to realize the equipment buy HP JG299A performance and port.

http://yuming12.livejournal.com/

Cisco 2960 series switch configuration commands

(a) the enable password (enable password), ws-c2960s-48td-l the password in plaintext displayenable password (enbale secret), the password to the ciphertext display enter privilege mode Switch.# / privileged mode direct mode prompt Switch.>enable /Switch.> / user (to enter the ciphertext into Switch.#config terminal) / * enterglobal configuration mode Switch. (config) Switch. # / * configuration modeprompt (config) # hostname Pconline / * set the hostname Pconline Pconline(config) enable password cisco3560 # / * set the enable password for pconlinePconline (config) enable secret cisco3560 # / set enable password for networkPconline (config) line vty 015 # / set the virtual terminal lines Pconline (config-line) login / # set authentication Pconline (config-line) # password cisco3560 / *set the virtual terminal password two, switch VLAN set the Switch.> /Switch.>enable / user straight line mode prompt enter privilege modeswitch#vlan database; set into the VLAN switch (VLAN) # VLAN 2; VLAN 2

Switch (VLAN) #no VLAN 2 + VLAN 2 switch; #int f0/1; (config) into the network port 1 switch (config) #int giga0/1; 1 switch Gigabit port into the sink (config-if)duplex {auto full half} # | | set port --- automatic / full duplex or half duplex switch (config-if) #switchport mode trunk; the port is set to sink mouth switch(config-if) #switchport mode access; the port settings for the access mode of switch (config-if) #switchport trunk allowed VLAN 1, 2; group VLAN switch set 1,2 port allows (config-if) #switchport trunk VLAN 2; 1 is set in the allowed VLAN switch (config-if) #switchport access VLAN 2 the addition of VLAN 2; portswitch (config-if) #switchport trunk encap dot1q; set the VLAN relay Cisco network, there are four main types of switches in the LAN interface in the final steady state: access/ trunk/ multi/ dot1q-tunnel. 

1, access: is mainly used toaccess terminal equipment, such as PC, server, print server. 

2, trunk: is mainly used in connection with other switches, to support multiple VLAN in line.Multiple VLAN bearing 

3, multi: in a line, but unlike trunk, it does not carry datatagging. Mainly used for access to support multiple VLAN servers or network analysis apparatus. Now don't use this kind of interface, in the Cisco network equipment, also does not support this type of interface. 

4, dot1q-tunnel: is used in the Q-in-Q tunnel configuration. Switch (config) #vtp domain; set theVTP domain of switch (config) #vtp password; set the VTP password switch(config) #vtp mode server; VTP switch to set up the model of (config) #vtpmode client; 

set up the VTP model three. 

The switch IP address switch (config)#interface VLAN 1 to VLAN 1

Switch (config-if) #ip address 132.37.48.3 255.255.255.0; set the switchmanagement IP switch (config) #ip default-gateway 132.37.48.1; set the switchthe default gateway switch (config) #end; exit current mode Switch#conf t enter privilege mode Switch (config) interface fa0/5 Switch (config-if) # # shutdowncloses the port Switch (config-if) no shutdown # open port four commandprivilege mode. The switch display: switch#write; save the configuration information for the switch#show VTP; see VTP configuration information for the switch# show run; see the current configuration information for the switch#show VTP VTP switch#show VLAN information exchange; check; check the VLAN configuration information for the switch#show interface; Switch#showinterfaces FastEthernet 0/1 view port information switchport; two layer displayport state, can be used to determine the this is the mouth of two or three layers of export. Switch#show int f0/0; look at the specified port informationsw1924_b#show IP; see the setting sw1924_b#show versi; check the switchversion information sw1924_b#show running-config; check the switch currentrunning configuration information of all the sw1924_b#show int E0 /1; check the switch first port information based on MAC address binding port

Switch#config terminal to enter the Switch configuration mode (config) #Interface FastEthernet 0/1 into the specific interface configuration mode Switch(config-if) #Switchport port-secruity configure port security model Switch(config-if) switchport port-security mac-address MAC (address MAC) toconfigure the port to bind the MAC address of host Switch (config-if) noswitchport ws-c3560x-24p-s port-security mac-address MAC (address MAC). Remove the binding MAC address of the host。