Inhaltszusammenfassung zur Seite Nr. 1
®
3Com Stackable Switch
Family
Advanced Configuration Guide
3Com Switch 5500
3Com Switch 5500G
3Com Switch 4500
3Com Switch 4200G
3Com Switch 4210
www.3Com.com
Part Number: 10016492 Rev. AB
Published: February 2008
Inhaltszusammenfassung zur Seite Nr. 2
3Com Corporation Copyright © 2006-2008, 3Com Corporation. All rights reserved. No part of this documentation may be reproduced in any form or by any means or used to make any derivative work (such as translation, transformation, or adaptation) without 350 Campus Drive written permission from 3Com Corporation. Marlborough, MA 3Com Corporation reserves the right to revise this documentation and to make changes in content from time to time USA 01752-3064 without obligation on the part of 3Com Co
Inhaltszusammenfassung zur Seite Nr. 3
CONTENTS ABOUT THIS GUIDE Conventions 9 Related Documentation 9 Products Supported by this Document 10 1 LOGIN CONFIGURATION GUIDE Logging In from the Console Port 13 Logging In Through Telnet 15 Configuring Login Access Control 18 2 VLAN CONFIGURATION GUIDE Configuring Port-Based VLAN 21 Configuring Protocol-Based VLAN 23 3 IP ADDRESS CONFIGURATION GUIDE IP Address Configuration Guide 27 4 VOICE VLAN CONFIGURATION GUIDE Configuring Voice VLAN 29 Precautions 32 5 GVRP CONFIGURATION GUIDE Configu
Inhaltszusammenfassung zur Seite Nr. 4
4 3COM STACKABLE SWITCHES ADVANCED CONFIGURATION GUIDE 9 PORT SECURITY CONFIGURATION GUIDE Configuring Port Security autolearn Mode 47 Configuring Port Security mac-authentication Mode 48 Configuring Port Security userlogin-withoui Mode 51 Configuring Port Security mac-else-userlogin-secure-ext Mode 55 10 PORT BINDING CONFIGURATION GUIDE Configuring a Port Binding 59 11 MAC ADDRESS TABLE MANAGEMENT CONFIGURATION GUIDE MAC Address Table Management 61 12 DLDP CONFIGURATION GUIDE Configuring DLDP 6
Inhaltszusammenfassung zur Seite Nr. 5
Contents 5 Configuring Anycast RP Application 159 17 802.1X CONFIGURATION GUIDE Configuring 802.1x Access Control 165 18 AAA CONFIGURATION GUIDE Configuring RADIUS Authentication for Telnet Users 169 Configuring Dynamic VLAN Assignment with RADIUS Authentication 171 Configuring Local Authentication for Telnet Users 173 Configuring HWTACACS Authentication for Telnet Users 174 Configuring EAD 176 19 MAC AUTHENTICATION CONFIGURATION GUIDE Configuring MAC Authentication 179 20 VRRP CONFIGURATION GUI
Inhaltszusammenfassung zur Seite Nr. 6
6 3COM STACKABLE SWITCHES ADVANCED CONFIGURATION GUIDE 25 MIRRORING CONFIGURATION GUIDE Local Port Mirroring Configuration 229 Remote Port Mirroring Configuration 231 Traffic Mirroring Configuration 236 26 XRN CONFIGURATION GUIDE XRN Fabric Configuration 239 27 CLUSTER CONFIGURATION GUIDE Cluster Configuration 247 Network Management Interface Configuration 251 Cluster Configuration in Real Networking 254 28 POE/POE PROFILE CONFIGURATION GUIDE PoE Configuration 259 PoE Profile Configuration 261 2
Inhaltszusammenfassung zur Seite Nr. 7
Contents 7 Configuring a Switch as FTP Client 307 Configuring a Switch as TFTP Client 309 34 INFORMATION CENTER CONFIGURATION GUIDE Outputting Log Information to a Unix Log Host 311 Outputting Log Information to a Linux Log Host 313 Outputting Log and Trap Information to a Log Host Through the Same Channel 314 Outputting Log Information to the Console 317 Displaying the Time Stamp with the UTC Time Zone 318 Use of the Facility Argument in Log Information Output 319 35 VLAN-VPN CONFIGURATION GUID
Inhaltszusammenfassung zur Seite Nr. 8
8 3COM STACKABLE SWITCHES ADVANCED CONFIGURATION GUIDE
Inhaltszusammenfassung zur Seite Nr. 9
ABOUT THIS GUIDE Provides advanced configuration examples for the 3Com stackable switches, which includes the following: ■ 3Com Switch 5500 ■ 3Com Switch 5500G ■ 3Com Switch 4500 ■ 3Com Switch 4200G ■ 3Com Switch 4210 This guide is intended for Qualified Service personnel who are responsible for configuring, using, and managing the switches. It assumes a working knowledge of local area network (LAN) operations and familiarity with communication protocols that are used to interconnect LANs. A
Inhaltszusammenfassung zur Seite Nr. 10
10 ABOUT THIS GUIDE ■ 3Com Switch Family Configuration Guides— Describe how to configure your Stackable Switch using the supported protocols and CLI commands. ■ 3Com Switch Family Quick Reference Guides — Provide a summary of command line interface (CLI) commands that are required for you to manage your Stackable Switch . ■ 3Com Stackable Switch Family Release Notes — Contain the latest information about your product. If information in this guide differs from information in the release note
Inhaltszusammenfassung zur Seite Nr. 11
Products Supported by this Document 11
Inhaltszusammenfassung zur Seite Nr. 12
12 ABOUT THIS GUIDE
Inhaltszusammenfassung zur Seite Nr. 13
LOGIN CONFIGURATION GUIDE 1 Unless otherwise specified, all the switches used in the following configuration n examples and configuration procedures are Switch 5500 (release V03.02.04). Logging In from the You can log in locally from the console port to configure and maintain your switch, Console Port including configuring other login modes. The default login mode on the Switch 5500 is local console login. Network Diagram Figure 1 Logging in from the console port to configure Telnet login
Inhaltszusammenfassung zur Seite Nr. 14
14 CHAPTER 1: LOGIN CONFIGURATION GUIDE # Set the history command buffer size to 20 for VTY 0. [3Com-ui-vty0] history-command max-size 20 # Set the idle-timeout time of VTY 0 to 6 minutes. [3Com-ui-vty0] idle-timeout 6 ■ Configure an authentication mode for Telnet login The following three authentication modes are available for Telnet login: none, password, and scheme. The configuration procedures for the three authentication modes are described below: 1 Configure not to authenticate Telnet
Inhaltszusammenfassung zur Seite Nr. 15
Logging In Through Telnet 15 Complete Configuration ■ Telnet login configuration with the authentication mode being none user-interface vty 0 authentication-mode none user privilege level 2 history-command max-size 20 idle-timeout 6 0 screen-length 30 protocol inbound telnet ■ Telnet login configuration with the authentication mode being password user-interface vty 0 user privilege level 2 set authentication password simple 123456 history-command max-size 20 idle-timeout 6 0 screen-length 30 pr
Inhaltszusammenfassung zur Seite Nr. 16
16 CHAPTER 1: LOGIN CONFIGURATION GUIDE Network Diagram Figure 2 Telneting to the switch to configure console login Ethernet 1/0/1 Ethernet User PC running Telnet Networking and As shown in Figure 2, telnet to the switch to configure console login. The current Configuration user level is manage level (level 3). Requirements Applicable Products Product series Software version Hardware version Switch 5500 Release V03.02.04 All versions Switch 5500G Release V03.02.04 All versions Switch 450
Inhaltszusammenfassung zur Seite Nr. 17
Logging In Through Telnet 17 The following three authentication modes are available for console login: none, password, and scheme. The configuration procedures for the three authentication modes are described below: 1 Configure not to authenticate console login users. [3Com] user-interface aux 0 [3Com-ui-aux0] authentication-mode none 2 Configure password authentication for console login, and set the password to 123456 in plain text. [3Com] user-interface aux 0 [3Com-ui-aux0] authentication-
Inhaltszusammenfassung zur Seite Nr. 18
18 CHAPTER 1: LOGIN CONFIGURATION GUIDE ■ Console login configuration with the authentication mode being scheme # local-user guest password simple 123456 service-type terminal level 2 # user-interface aux 0 authentication-mode scheme user privilege level 2 history-command max-size 20 idle-timeout 6 0 speed 19200 screen-length 30 Precautions None Configuring Login Access Control Network Diagram Figure 3 Network diagram for login access control 10.110.100.46 Host A IP network Switch Host B 1
Inhaltszusammenfassung zur Seite Nr. 19
Configuring Login Access Control 19 [3Com-acl-basic-2000] rule 1 permit source 10.110.100.52 0 [3Com-acl-basic-2000] rule 2 permit source 10.110.100.46 0 [3Com-acl-basic-2000] rule 3 deny source any [3Com-acl-basic-2000] quit # Reference ACL 2000 to control Telnet login by source IP address. [3Com] user-interface vty 0 4 [3Com-ui-vty0-4] acl 2000 inbound # Reference ACL 2000 to control SNMP login by source IP address. [3Com] snmp-agent community read aaa acl 2000 [3Com] snmp-agent group v2c gr
Inhaltszusammenfassung zur Seite Nr. 20
20 CHAPTER 1: LOGIN CONFIGURATION GUIDE