7/31/2019 3Com Switch 8800 Family Configuration Guide
1/881
3Com Switch 8800 FamilyConfiguration Guide
Switch 8807
Switch 8810Switch 8814
www.3Com.comPart No. 10015594, Rev. AAPublished: January 2007
7/31/2019 3Com Switch 8800 Family Configuration Guide
2/881
3Com Corporation350 Campus DriveMarlborough, MAUSA 01752-3064
Copyright 2007, 3Com Corporation. All rights reserved. No part of this documentation may be reproduced in any form orby any means or used to make any derivative work (such as translation, transformation, or adaptation) without writtenpermission from 3Com Corporation.
3Com Corporation reserves the right to revise this documentation and to make changes in content from time to timewithout obligation on the part of 3Com Corporation to provide notification of such revision or change.
3Com Corporation provides this documentation without warranty, term, or condition of any kind, either implied orexpressed, including, but not limited to, the implied warranties, terms or conditions of merchantability, satisfactory quality,and fitness for a particular purpose. 3Com may make improvements or changes in the product(s) and/or the program(s)
described in this documentation at any time.If there is any software on removable media described in this documentation, it is furnished under a license agreementincluded with the product as a separate document, in the hard copy documentation, or on the removable media in adirectory file named LICENSE.TXT or !LICENSE.TXT. If you are unable to locate a copy, please contact 3Com and a copy willbe provided to you.
UNITED STATES GOVERNMENT LEGEND
If you are a United States government agency, then this documentation and the software described herein are provided toyou subject to the following:
All technical data and computer software are commercial in nature and developed solely at private expense. Software isdelivered as Commercial Computer Software as defined in DFARS 252.227-7014 (June 1995) or as a commercial itemas defined in FAR 2.101(a) and as such is provided with only such rights as are provided in 3Coms standard commerciallicense for the Software. Technical data is provided with limited rights only as provided in DFAR 252.227-7015 (Nov 1995) orFAR 52.227-14 (June 1987), whichever is applicable. You agree not to remove or deface any portion of any legend providedon any licensed program or documentation contained in, or delivered to you in conjunction with, this User Guide.
Unless otherwise indicated, 3Com registered trademarks are registered in the United States and may or may not be registeredin other countries.
3Com and the 3Com logo are registered trademarks of 3Com Corporation.
Cisco is a registered trademark of Cisco Systems, Inc.
Funk RADIUS is a registered trademark of Funk Software, Inc.
Aegis is a registered trademark of Aegis Group PLC.
Intel and Pentium are registered trademarks of Intel Corporation. Microsoft, MS-DOS, Windows, and Windows NT areregistered trademarks of Microsoft Corporation. Novell and NetWare are registered trademarks of Novell, Inc. UN IX is aregistered trademark in the United States and other countries, l icensed exclusively through X/Open Company, Ltd.
IEEE and 802 are registered trademarks of the Institute of Electrical and Electronics Engineers, Inc.
All other company and product names may be trademarks of the respective companies with which they are associated.
ENVIRONMENTAL STATEMENT
It is the policy of 3Com Corporation to be environmentally-friendly in all operations. To uphold our policy, we are committedto:
Establishing environmental performance standards that comply with national legislation and regulations.
Conserving energy, materials and natural resources in all operations.
Reducing the waste generated by all operations. Ensuring that all waste conforms to recognized environmental standards.Maximizing the recyclable and reusable content of all products.
Ensuring that all products can be recycled, reused and disposed of safely.
Ensuring that all products are labelled according to recognized environmental standards.
Improving our environmental record on a continual basis.
End of Life Statement
3Com processes allow for the recovery, reclamation and safe disposal of all end-of-life electronic components.
Regulated Materials Statement
3Com products do not contain any hazardous or ozone-depleting material.
7/31/2019 3Com Switch 8800 Family Configuration Guide
3/881
CONTENTS
ABOUT THIS GUIDEConventions 15Related Documentation 16
1 PRODUCT OVERVIEWProduct Overview 17Function Features 18
2 COMMAND LINE INTERFACECommand Line Interface 21Command Line View 21Features and Functions of Command Line 29
3 LOGGINGINTO SWITCHSetting Up Configuration Environment through the Console Port 33Setting up Configuration Environment through Telnet 34Setting Up Configuration Environment through Modem Dial-up 37
4 USER INTERFACE CONFIGURATIONUser Interface Overview 39User Interface Configuration 40Displaying and Debugging User Interface 48
5 MANAGEMENT INTERFACE CONFIGURATIONManagement Interface Overview 49Management Interface Configuration 49
6 CONFIGURATION FILE MANAGEMENTConfiguration File Management 51
7 VLAN CONFIGURATIONVLAN Overview 55Configuring VLAN 55Configuring Protocol-Based VLAN 57
Configuring IP Subnet-Based VLAN 58
7/31/2019 3Com Switch 8800 Family Configuration Guide
4/881
Configure the CPU Port in an VLAN 58Displaying and Debugging a VLAN 59VLAN Configuration Example 59
8 SUPER
VLAN CONFIGURATION
Super VLAN Overview 61
Configuring a Super VLAN 61
9 ISOLATE-USER-VLAN CONFIGURATIONIsolate-user-VLAN Overview 65
Isolate-use-vlan Configuration Task 65Displaying and Debugging an isolate-user-VLAN 67Isolate-user-VLAN Configuration Example 68
10 IP ADDRESS CONFIGURATIONIntroduction to IP Addresses 71Configuring IP Address 73Displaying IP Address 76IP Address Configuration Example 76
Troubleshooting IP Address Configuration 77
11 IP PERFORMANCE CONFIGURATIONConfiguring IP Performance 79
Displaying and Debugging IP Performance 79Troubleshooting IP Performance 81
12 GARP&GVRP CONFIGURATIONConfiguring GARP 83Configuring GVRP 85
13 ETHERNET PORT CONFIGURATIONEthernet Port Overview 89Ethernet Port Configuration 89
Setting the Interval of Performing Statistics on Ports 92
Displaying and Debugging Ethernet Port 98Ethernet Port Configuration Example 98Ethernet Port Troubleshooting 99
14 LINK AGGREGATION CONFIGURATIONOverview 101Link Aggregation Configuration 104Displaying and Debugging Link Aggregation 108
Link Aggregation Configuration Example 108
7/31/2019 3Com Switch 8800 Family Configuration Guide
5/881
15 PORT ISOLATION CONFIGURATIONPort Isolation Overview 111Configuration Tasks 111
Port Isolation Configuration Example 113
16 MAC ADDRESS TABLE MANAGEMENTMAC Address Table Management Overview 115
MAC Address Table Management Configuration 116Maximum MAC Address Number Learned by Ethernet Port and Forwarding OptionConfiguration 117Configuring Max Number of MAC Addresses that can be Learned in a VLAN 118Displaying and Debugging MAC Address Tables 119Resetting MAC Addresses 119
MAC Address Table Management Configuration Example 119
17 MSTP REGION-CONFIGURATIONIntroduction to MSTP 121Configuring MSTP 132Displaying and Debugging MSTP 150Typical MSTP Configuration Example 152
18 DIGEST SNOOPING CONFIGURATIONIntroduction to Digest Snooping 155
Digest Snooping Configuration 155
19 FAST TRANSITIONIntroduction 159Configuring Fast transition 160
20 BPDU TUNNEL CONFIGURATIONBPDU Tunnel Overview 163Configuring BPDU Tunnel 163BPDU Tunnel Configuration Example 164
21 ACL CONFIGURATIONACL Overview 167ACL Configuration Tasks 169Displaying and Debugging ACL Configurations 176ACL Configuration Example 177
22 QOS CONFIGURATIONQoS Overview 181Introduction to QoS Configuration Based on Port Groups 184QoS Configuration 188
7/31/2019 3Com Switch 8800 Family Configuration Guide
6/881
QoS Configuration Example 202
23 LOGON USER ACL CONTROL CONFIGURATIONOverview 209
Configuring ACL for Telnet/SSH Users 209Configuring ACL for SNMP Users 212
24 VLAN-ACL CONFIGURATIONVLAN-ACL Overview 215VLAN-ACL Configuration 215
25 802.1X CONFIGURATION802.1x Overview 221802.1x Configuration 223
Displaying and Debugging 802.1x 229Packet Attack Prevention Configuration 230802.1x Configuration Example 230
26 AAA AND RADIUS/HWTACACS PROTOCOL CONFIGURATIONAAA and RADIUS/HWTACACS Protocol Overview 235AAA Configuration 239Configuring RADIUS Protocol 245Configuring HWTACACS Protocol 256
Displaying and Debugging AAA and RADIUS Protocol 261AAA and RADIUS/HWTACACS Protocol Configuration Examples 262Troubleshooting AAA and RADIUS/HWTACACS 265
27 PORTAL CONFIGURATIONPortal Overview 267
Basic Portal Configuration 270Portal Authentication-free User and Free IP Address Configuration 276Portal Rate Limit Function Configuration 278Portal User Deletion 278
28 IP ROUTING
PROTOCOL
OVERVIEW
Introduction to IP Route and Routing Table 279Routing Management Policy 282
29 STATIC ROUTE CONFIGURATIONIntroduction to Static Route 285Configuring Static Route 286Displaying and Debugging Static Route 287
Typical Static Route Configuration Example 288Troubleshooting Static Route Faults 289
7/31/2019 3Com Switch 8800 Family Configuration Guide
7/881
30 RIP CONFIGURATIONIntroduction to RIP 291Configuring RIP 292
Displaying and Debugging RIP 300Typical RIP Configuration Example 300Troubleshooting RIP Faults 301
31 OSPF CONFIGURATIONOSPF Overview 303OSPF GR Overview 307Configuring OSPF 311Displaying and Debugging OSPF 330Typical OSPF Configuration Example 331
Troubleshooting OSPF Faults 336
32 INTEGRATED IS-IS CONFIGURATIONIntroduction to Integrated IS-IS 339Configuring Integrated IS-IS 343Displaying and Debugging Integrated IS-IS 358
Typical Integrated IS-IS Configuration Example 359
33 BGP CONFIGURATIONBGP/MBGP Overview 361
Configuring BGP 364Displaying and Debugging BGP 383
Typical BGP Configuration Examples 384Troubleshooting BGP 390
34 IP ROUTING POLICY CONFIGURATIONIntroduction to IP Routing Policy 393Configuring IP Routing Policy 394Displaying and Debugging the Routing Policy 401
Typical IP Routing Policy Configuration Example 401Troubleshooting Routing Policy 402
35 ROUTE CAPACITY CONFIGURATIONRoute Capacity Configuration 405
36 RECURSIVE ROUTING CONFIGURATIONRecursive Routing Configuration 407
37 IP MULTICAST OVERVIEWIP Multicast Overview 409
7/31/2019 3Com Switch 8800 Family Configuration Guide
8/881
Implementation of IP Multicast 411RPF Mechanism for IP Multicast Packets 414
38 STATIC MULTICAST MAC ADDRESS CONFIGURATION
Static Multicast MAC Address Overview 417Configuring a Static Multicast MAC Address 417
Displaying and Maintaining Static Multicast MAC Address Configuration 418
39 IGMP SNOOPING CONFIGURATIONIGMP Snooping Overview 419
IGMP Snooping Configuration 422Multicast Static Routing Port Configuration 426Displaying and Maintaining IGMP Snooping 427IGMP Snooping Configuration Example 427Troubleshooting IGMP Snooping 428
40 MULTICAST VLAN CONFIGURATIONMulticast VLAN Overview 431Multicast VLAN Configuration 431
Multicast VLAN Configuration Example 432
41 COMMON MULTICAST CONFIGURATIONIntroduction to Common Multicast Configuration 435
Common Multicast Configuration 435Managed multicast Configuration 437Configuring Broadcast/Multicast Suppression 439Displaying and Debugging Common Multicast Configuration 440
42 IGMP CONFIGURATIONIGMP Overview 441Introduction to IGMP Proxy 442IGMP Configuration 444Displaying and Debugging IGMP 453
43 PIM-DM CONFIGURATION
PIM-DM Overview 455PIM-DM Configuration 456Displaying and Debugging PIM-DM 459PIM-DM Configuration Example 460
44 PIM-SM CONFIGURATIONPIM-SM Overview 463
PIM-SM Configuration 465Displaying and Debugging PIM-SM 469
7/31/2019 3Com Switch 8800 Family Configuration Guide
9/881
PIM-SM Configuration Example 469
45 MSDP CONFIGURATIONMSDP Overview 473
MSDP Configuration 476Displaying and Debugging MSDP 482MSDP Configuration Examples 483
46 MBGP MULTICAST EXTENSION CONFIGURATIONMBGP Multicast Extension Overview 493MBGP Multicast Extension Configuration 494
Displaying and Debugging MBGP Configuration 501MBGP Multicast Extension Configuration Example 501
47 MPLS ARCHITECTUREMPLS Overview 507MPLS Basic Concepts 507MPLS Architecture 510
48 MPLS BASIC CAPABILITY CONFIGURATIONMPLS Basic Capability Overview 515MPLS Configuration 515LDP Configuration 517
Displaying and Debugging MPLS Basic Capability 521Typical MPLS Configuration Example 523Troubleshooting MPLS Configuration 526
49 BGP/MPLS VPN CONFIGURATIONBGP/MPLS VPN Overview 529BGP/MPLS VPN Configuration 537Displaying and Debugging BGP/MPLS VPN 550Typical BGP/MPLS VPN Configuration Example 552
Troubleshooting BGP/MPLS VPN Configuration 599
50 CARD INTERMIXINGFOR MPLS SUPPORTOverview 601Restrictions in Intermixing Networking 602Intermixing Configuration Task 603Restrictions in Networking of Various MPLS Cards 611
51 MPLS VLLMPLS L2VPN Overview 613
CCC MPLS L2VPN Configuration 616Martini MPLS L2VPN Configuration 621
7/31/2019 3Com Switch 8800 Family Configuration Guide
10/881
Kompella MPLS L2VPN Configuration 625Displaying and Debugging MPLS L2VPN 629Troubleshooting MPLS L2VPN 630
52 VPLS CONFIGURATION
VPLS Overview 633
Basic VPLS Network Architectures 634VPLS Operational Principle 635Concepts Related to VPLS 637VPLS Basic Configuration 638Displaying and Debugging VPLS 646VPLS Basic Configuration Example 646
Troubleshooting VPLS 650
53 VRRP CONFIGURATIONIntroduction to VRRP 653Configuring VRRP 654Displaying and debugging VRRP 659VRRP Configuration Example 660Troubleshooting VRRP 664
54 HA CONFIGURATIONIntroduction to HA 667Configuring HA 667Displaying and Debugging HA Configuration 669
HA Configuration Example 670
55 ARP CONFIGURATIONIntroduction to ARP 671
Configuring ARP 672Displaying and Debugging ARP 675
56 ARP TABLE SIZE CONFIGURATIONIntroduction to ARP Table Size Configuration 677Configuring ARP Table Size Dynamically 678
Displaying ARP Table Size Configuration 678Configuration Example 679
57 DHCP CONFIGURATIONSome Concepts about DHCP 681Configuring General DHCP 684Configuring DHCP Server 686Configuring DHCP Relay 698DHCP Option 82 Configuration 702
7/31/2019 3Com Switch 8800 Family Configuration Guide
11/881
58 DNS CONFIGURATIONIntroduction to DNS 709Configuring Static Domain Name Resolution 710
Configuring Dynamic Domain Name Resolution 710Displaying and Debugging Domain Name Resolution 711DNS Configuration Example 711Troubleshooting Domain Name Resolution Configuration 712
59 NETSTREAM CONFIGURATIONNetstream Overview 713Netstream Configuration 714Netstream Configuration Examples 716
60 NDP CONFIGURATION
Introduction to NDP 719Introduction to NDP Configuration Tasks 719NDP Configuration Example 721
61 POE CONFIGURATIONPoE Overview 723PoE Configuration 724Comprehensive Configuration Example 726
62 POE PSU SUPERVISION CONFIGURATION
Introduction to PoE PSU Supervision 729AC Input Alarm Thresholds Configuration 729
DC Output Alarm Thresholds Configuration 730Displaying PoE Supervision Information 731PoE PSU Supervision Configuration Example 731
63 UDP HELPER CONFIGURATIONOverview 733Configuring UDP Helper 733Displaying UDP Helper 735
64 SNMP CONFIGURATIONSNMP Overview 737
SNMP Versions and Supported MIB 737Configuring SNMP 738Displaying and Debugging SNMP 743SNMP Configuration Example 743
7/31/2019 3Com Switch 8800 Family Configuration Guide
12/881
65 RMON CONFIGURATIONRMON Overview 747Configuring RMON 747Displaying and Debugging RMON 750
RMON Configuration Example 751
66 NTP CONFIGURATIONBrief Introduction to NTP 753NTP Configuration 755Displaying and Debugging NTP 760
NTP Configuration Example 761
67 SSH TERMINAL SERVICESSH Terminal Service 769
SFTP Service 781
68 FILE SYSTEM MANAGEMENTFile System Configuration 789
69 DEVICEMANAGEMENTDevice Management Overview 793
Device Management Configuration 793Displaying and Debugging Device Management 796Device Management Configuration Example 796
70 FTP&TFTP CONFIGURATIONFTP Configuration 801
TFTP Configuration 806
71 INFORMATION CENTERInformation Center Function 811
72 SYSTEM MAINTENANCEAND DEBUGGINGBasic System Configuration 835
Displaying the Status and Information of the System 836System Debugging 836Testing Tools for Network Connection 838
73 PROTOCOL PORT SECURITY CONFIGURATIONIntroduction to Protocol Port Security 841
7/31/2019 3Com Switch 8800 Family Configuration Guide
13/881
74 PACKET STATISTICS CONFIGURATIONIntroduction to Egress Packet Statistics 843
75 ETHERNET PORT LOOPBACK DETECTION
Ethernet Port Loopback Detection Function 845Configuring the Loopback Detection Function 845Displaying and Maintaining the Loopback Detection Function 845
76 QINQ CONFIGURATIONQinQ Overview 847VLAN VPN Configuration 849VLAN VPN Configuration 849Traffic Classification-Based Nested VLAN Configuration 850Adjusting TPID Values for QinQ Packets 853
VLAN-VPN Tunnel Configuration 855
77 NQA CONFIGURATIONIntroduction to NQA 861NQA Configuration 861Displaying and Maintaining NQA 865
78 PASSWORD CONTROL CONFIGURATIONIntroduction to Password Control Configuration 867
79 ACRONYMS
7/31/2019 3Com Switch 8800 Family Configuration Guide
14/881
7/31/2019 3Com Switch 8800 Family Configuration Guide
15/881
Conventions 15
ABOUT THIS GUIDE
This guide describes the 3Com Switch 8800 and how to install hardware,configure and boot software, and maintain software and hardware. This guidealso provides troubleshooting and support information for your switch.
This guide is intended for Qualified Service personnel who are responsible forconfiguring, using, and managing the switches. It assumes a working knowledgeof local area network (LAN) operations and familiarity with communicationprotocols that are used to interconnect LANs.
nAlways download the Release Notes for your product from the 3Com World WideWeb site and check for the latest updates to software and product
documentation:http://www.3com.com
Conventions Table 1 lists icon conventions that are used throughout this guide.
Table 2 lists text conventions that are used throughout this guide.
Table 1 Notice Icons
Icon Notice Type Description
nInformation note Information that describes important features or
instructions.
cCaution Information that alerts you to potential loss of dataor potential damage to an application, system, or
device.
wWarning Information that alerts you to potential personal
injury.
Table 2 Text Conventions
Convention Description
Screen displays This typeface represents information as it appears on the
screen.Keyboard key names If you must press two or more keys simultaneously, the key
names are linked with a plus sign (+), for example:
Press Ctrl+Alt+Del
The words enter and type When you see the word enter in this guide, you must typesomething, and then press Return or Enter. Do not pressReturn or Enter when an instruction simply says type.
7/31/2019 3Com Switch 8800 Family Configuration Guide
16/881
7/31/2019 3Com Switch 8800 Family Configuration Guide
17/881
1PRODUCT OVERVIEW
Product Overview The 3Com Switch 8800 Family Series Routing Switches (hereinafter referred to asSwitch 8800 Family series) are a series of large capacity, modularized L2/L3switches. They are mainly designed for broadband MAN, backbone, switchingcore and convergence center of large-sized enterprise network and campusnetwork. They provide diverse services and can be used in constructing stable andhigh-performance IP network. The series include the following main models:
Switch 8807 routing switch
Switch 8810 routing switch Switch 8814 routing switch
Switch 8800 Family series use integrated chassis, which can be subdivided intopower supply area, module area, backplane and fan area.
For Switch 8807, in the module area, there are seven slots: the top two (slot0,slot1) accommodate fabric modules, which are in 1+1 redundancy; the remainingfive accommodate I/O Modules.
For Switch 8810, in the module area, there are 10 slots: the two (slot4, slot5) inthe middle accommodate fabric modules, which are in 1+1 redundancy; the
remaining 8 accommodate I/O Modules.
For Switch 8814, in the module area, there are 14 slots: the two (slot6, slot7) inthe middle accommodate fabric modules, which are in 1+1 redundancy; theremaining 12 accommodate I/O Modules, which can be hybrid. For specificconfigurations of the hybrid modules, refer to the "BGP/MPLS VPN Configuration"section of the MPLS module.
Switch 8800 Family series support the following services:
Internet broadband access
MAN, enterprise/campus networking
Providing multicast service and multicast routing and supporting multicastaudio and video services.
7/31/2019 3Com Switch 8800 Family Configuration Guide
18/881
7/31/2019 3Com Switch 8800 Family Configuration Guide
19/881
Function Features 19
MPLS
L3 multiprotocol label switching (MPLS) VPN (option1/2/3),embedded MPLS VPN, hierarchical PE (HoPE), CE dualhoming, MCE, and multi-role host
VLL, including Martini, Kompella and CCC modesVPLS
Quality of service (QoS)
Supports different types of traffic classification, includingport-based, VLAN-based, COS priority-based, IPaddress-based, TOS priority-based, DSCP priority-based,TCP/UDP port-based, protocol type-based, and class ofservice (CoS)-based traffic classification
Traffic supervision. The granularity is 8 Kbps
Traffic shaping
Priority mark/Remark
Queue scheduling: supports strict priority queuing (SP),weighted round robin (WRR), and SP+WRR
Congestion avoidance algorithms Tail-Drop and WRED
Supports up to eight priority queues per port
Security features
Multi-level user management and password protection
Password control
802.1X authentication
Packet filtering
Port-based receiving broadcast frame control and supportsrate calculation in terms of bytes or packets
Guards against attack through anti-virus protocol packets,such as DOS attack
AAA/RADIUS/HWTACACS
SSH 2.0
Firewall Application Module and IPsec Application Module
Portal
Accounting of education networks
Dedicated service processing Netstream
QinQPort-based VLAN VPN
Selective QinQ
Table 1 Function features
Features Implementation
7/31/2019 3Com Switch 8800 Family Configuration Guide
20/881
20 CHAPTER 1: PRODUCT OVERVIEW
Management and Maintenance
Command line interface configuration
Local configuration through the Console port and the AUXport
Local and remote configuration through Telnet on anEthernet port
Remote configuration through modem dialup through theAUX port.
SNMP management (supports 3Coms networkmanagement products, remote monitoring (RMON) MIBgroup 1, 2, 3 and 9)
VPN manager (a MPLS VPN network management tool
System logs
Hierarchical alarms
Output of the debugging information
Ping and TracertNetwork Quality Assurance (NQA)
Loading and updating
Supports to load and upgrade software through theXModem protocol
Supports to load and upgrade software through the filetransfer protocol (FTP) and the trivial file transfer protocol(TFTP)
Simultaneous loading of BootROM and host software
Table 1 Function features
Features Implementation
7/31/2019 3Com Switch 8800 Family Configuration Guide
21/881
2COMMAND LINE INTERFACE
Command LineInterface
3Com series switches provide a series of configuration commands and commandline interfaces for configuring and managing the switch. The command lineinterface has the following characteristics:
Local configuration via the Console port and AUX port.
Local or remote configuration via Telnet.
Remote configuration through dialing with modem via the AUX port.
Hierarchy command protection to avoid the unauthorized users accessingswitch.
Enter a "?" to get immediate online help.
Provide network testing commands, such as Tracert and Ping, to fasttroubleshoot the network.
Provide various detailed debugging information to help with networktroubleshooting.
Log in and manage other switch directly, using the Telnet command.
Provide FTP service for the users to upload and download files.
Provide the function similar to Doskey to execute a history command.
The command line interpreter searches for target not fully matching thekeywords. It is ok for you to key in the whole keyword or part of it, as long as itis unique and not ambiguous.
Command Line View 3Com series switches provide hierarchy protection for the command lines to avoidunauthorized user accessing illegally.
Commands are classified into four levels, namely visit level, monitoring level,configuration level and management level. They are introduced as follows:
Visit level: Commands of this level involve command of network diagnosis tool
(such as ping and tracert), command of switch between different languageenvironments of user interface (language-mode) and the telnet command.The operation of saving configuration file is not allowed on this level ofcommands.
Monitoring level: Commands of this level, including the display command andthe debugging command, are used to system maintenance, service faultdiagnosis, etc. The operation of saving configuration file is not allowed on thislevel of commands.
7/31/2019 3Com Switch 8800 Family Configuration Guide
22/881
22 CHAPTER 2: COMMAND LINE INTERFACE
Configuration level: Service configuration commands, including routingcommand and commands on each network layer, are used to provide directnetwork service to the user.
Management level: They are commands that influence basis operation of thesystem and system support module, which plays a support role on service.
Commands of this level involve file system commands, FTP commands, TFTPcommands, XModem downloading commands, user management commands,and level setting commands.
At the same time, login users are classified into four levels that correspond to thefour command levels respectively. After users of different levels log in, they canonly use commands at the levels that are equal to or lower than its own level.
In order to prevent unauthorized users from illegal intrusion, user will be identifiedwhen switching from a lower level to a higher level with super [ level] command.User ID authentication is performed when users at lower level switch to users athigher level. In other words, user password of the higher level is needed (Suppose
the user has set the super password [ levellevel] { simple | cipher }password.)For the sake of confidentiality, on the screen the user cannot see the passwordthat he entered. Only when correct password is input for three times, can the userswitch to the higher level. Otherwise, the original user level will remainunchanged.
Different command views are implemented according to different requirements.They are related to one another. For example, after logging in the switch, you willenter user view, in which you can only use some basic functions such as displayingthe running state and statistics information. In user view, key in system-view toenter system view, in which you can key in different configuration commands andenter the corresponding views.
The command line provides the following views:
User view
System view
Port view
VLAN view
VLAN interface view
Local-user view
User interface view
FTP Client command view SFTP Client view
MST region view
PIM view
MSDP view
IPv4 multicast sub-address family view
RIP view
OSPF view
7/31/2019 3Com Switch 8800 Family Configuration Guide
23/881
Command Line View 23
OSPF area view
BGP view
IS-IS view
Route policy view
Basic ACL view Advanced ACL view
Layer-2 ACL view
Conform-level view
WRED index view
RADIUS server group view
ISP domain view
MPLS view
VPNv4 sub-address family view
VPN-instance sub-address family view
BGP-VPNv4 sub-address family view
MPLS L2VPN view
L2VPN address family view
Route-Policy view
vpn-instance view
OSPF protocol view
Remote-peer view
VSI-LDP view
VSI view
HWTACACS view
Port group view
The following table describes the function features of different views and the waysto enter or quit. Port numbers are only for examples.
Table 2 Function feature of command view
Commandview Function Prompt
Command toenter
Command toexit
User viewShow the basicinformationabout operationand statistics
Enter right afterconnecting theswitch
Use quit to endthedisconnectionwith the switch
System view Configure systemparameters [SW8800]Key insystem-view inuser view
Use quit orreturn to returnto user view
7/31/2019 3Com Switch 8800 Family Configuration Guide
24/881
24 CHAPTER 2: COMMAND LINE INTERFACE
Port view
Ethernet portview:
ConfigureEthernet portparameters
[3Com-Ethernet2/1/1]
100M Ethernetport view
Key in interfaceethernet 2/1/1in system view
Use quit toreturn to systemview
Use return toreturn to userview
[3Com-GigabitEthernet2/1/1]
GigabitEthernetport view
Key in interfacegigabitethernet2/1/1 in systemview
[3Com-GigabitEthernet2/1/1]
10G Ethernetport view
Key in interfacegigabitethernet
2/1/1 in systemview
VLAN view Configure VLANparameters [3Com-Vlan1]Key in vlan 1 insystem view
Use quit toreturn to systemview
Use return toreturn to userview
VLAN interfaceview
Configure IPinterfaceparameters for aVLAN or a VLANaggregation
[3Com-Vlan-interface1]
Key in interfacevlan-interface 1in system view
Use quit to
return to systemview
Use return toreturn to userview
Local-user view Configure localuser parameters [3Com-luser-user1]Key in local-useruser1 in systemview
Use quit toreturn to systemview
Use return toreturn to userview
User interfaceview
Configure user
interfaceparameters
[3Com-ui0]
Key in
user-interface 0in system view
Use quit toreturn to systemview
Use return toreturn to userview
FTP clientcommand view
Configure FTPClientparameters
[ftp] Key in ftp in userview
Use quit toreturn to systemview
Table 2 Function feature of command view
Commandview Function Prompt
Command toenter
Command toexit
7/31/2019 3Com Switch 8800 Family Configuration Guide
25/881
Command Line View 25
SFTP Clientview
Configure SFTPClientparameters
Key in sftpip-address insystem view
Use quit toreturn to system
viewUse return toreturn to userview
MST regionview
Configure MSTregionparameters
[3Com-mst-region]
Key in stpregion-configuration in systemview
Use quit toreturn to systemview
Use return toreturn to userview
PIM view Configure PIM
parameters
[3Com-PIM] Key in pim in
system view
Use quit toreturn to systemview
Use return toreturn to userview
MSDP viewConfigure MSDPparameters [3Com-msdp]
Key in msdp insystem view
Use quit toreturn to systemview
Use return toreturn to userview
IPv4 multicastsub-address
family view
Enter the IPv4multicastsub-addressfamily view toconfigure MBGP
multicastextensionparameters
[3Com-bgp-af-mul]
Key inipv4-familymulticast in BGP
view
Use quit toreturn to BGPview
Use return toreturn to userview
RIP view Configure RIPparameters [3Com-rip]Key in rip insystem view
Use quit toreturn to systemview
Use return toreturn to userview
OSPF viewConfigure OSPFparameters [3Com-ospf-1]
Key in ospf insystem view
Use quit toreturn to systemview
Use return to
return to userview
OSPF area viewConfigure OSPFarea parameters
[3Com-ospf-1-area-0.0.0.1]
Key in area 1 inOSPF view
Use quit toreturn to OSPFview
Use return toreturn to userview
Table 2 Function feature of command view
Commandview Function Prompt
Command toenter
Command toexit
7/31/2019 3Com Switch 8800 Family Configuration Guide
26/881
26 CHAPTER 2: COMMAND LINE INTERFACE
BGP view Configure BGPparameters [3Com-bgp] Key inbgp 100in system view
Use quit toreturn to system
viewUse return toreturn to userview
IS-IS view Configure IS-ISparameters [3Com-isis]Key in isis insystem view
Use quit toreturn to systemview
Use return toreturn to userview
Route policy
view
Configure route
policy parameters
[3Com-route-policy]
Key inroute-policypolicy1 permitnode 10 insystem view
Use quit toreturn to systemview
Use return toreturn to userview
Basic ACL view Define the rule ofbasic ACL[3Com-acl-basic-2000]
Key in aclnumber 2000 insystem view
Use quit toreturn to systemview
Use return toreturn to userview
Advanced ACLview
Define the rule ofadvanced ACL [3Com-acl-adv-3000]
Key in aclnumber 3000 insystem view
Use quit toreturn to systemview
Use return to
return to userview
Layer-2 ACLview
Define the rule oflayer-2 ACL [3Com-acl-link-4000]
Key in aclnumber 4000 insystem view
Use quit toreturn to systemview
Use return toreturn to userview
Conform-levelview
Configure the"DSCP +Conform-levelService group"mapping tableand"EXP +
Conform-level->serviceparameters"mapping table and"Local-precedence +Conform-level802.1p priority"mapping table
[3Com-conform-level-0]
Key in qosconform-level 0in system view
Use quit toreturn to system
viewUse return toreturn to userview
Table 2 Function feature of command view
Commandview Function Prompt
Command toenter
Command toexit
7/31/2019 3Com Switch 8800 Family Configuration Guide
27/881
Command Line View 27
WRED indexview Configure WREDparameters [3Com-wred-0] Key in wred 0 insystem view
Use quit toreturn to system
viewUse return toreturn to userview
RADIUS servergroup view
Configure radiusparameters [3Com-radius-1]
Key in radiusscheme 1 insystem view
Use quit toreturn to systemview
Use return toreturn to userview
ISP domainview
Configure ISPdomain
parameters
[3Com-isp-3Com163.net]
Key in domain3Com163.net in
system view
Use to return tosystem view
Use return to
return to userview
MPLS view Configure MPLSparameters [3Com-mpls]Key in mpls insystem view
Use quit toreturn to systemview
Use return toreturn to userview
VPNv4sub-addressfamily view
Configure VPNv4address familyparameters
[3Com-bgp-af-vpn]
Key inipv4-familyvpnv4 in BGPview
Use quit toreturn to systemview
Use return toreturn to user
view
VPN-instancesub-addressfamily view
Configure VPNinstancesub-addressfamilyparameters
[3Com-bgp-af-vpn-instance]
Key inipv4-familyvpn-instancevpna in BGP/RIPview
Use quit toreturn to systemview
Use return toreturn to userview
BGP-VPNv4sub-addressfamily view
ConfigureBGP-VPNv4sub-addressfamilyparameters
[3Com-bgp-af-vpn]
Key inipv4-familyvpn-instance inBGP/RIP view
Use quit toreturn to systemview
Use return toreturn to userview
MPLS L2VPNview
Configure MPLSL2VPN serviceparameters
[3Com-mpls-l2vpn-vpna]
Key in mplsl2vpn vpnaencapsulationEthernet insystem view
Use quit toreturn to systemview
Use return toreturn to userview
L2VPN addressfamily view
Configure L2VPNserviceparameters
[3Com-bgp-af-l2vpn]Key inl2vpn-family inBGP view
Use quit toreturn to systemview
Use return toreturn to userview
Table 2 Function feature of command view
Commandview Function Prompt
Command toenter
Command toexit
7/31/2019 3Com Switch 8800 Family Configuration Guide
28/881
28 CHAPTER 2: COMMAND LINE INTERFACE
Route-Policyview
Configure
Route-Policyserviceparameters
[3Com-route-policy]
Key inroute-policy
route-policy-name { permit | deny} nodenode-numberinsystem view
Use quit toreturn to system
viewUse return toreturn to userview
vpn-instanceview
Configurevpn-instanceparameters
[3Com-vpn-vpn-instance_blue]
Key in ipvpn-instancevpn-instance_vpna in systemview
Use quit toreturn to systemview
Use return toreturn to userview
OSPF protocolview
Configure OSPFprotocolparameters
[3Com-ospf-100]
Key in ospfprocess-id[router-id
router-id-number] [ vpn-instancevpn-instance-name ] in systemview
Use quit toreturn to system
viewUse return toreturn to userview
Remote-peerview
Configure MPLSpeer groupparameters
[3Com-mpls-remote1]
Key in mplsremote1
Use quit toreturn to systemview
Use return toreturn to userview
VSI-LDP viewConfigure someVPLS features [8500-vsi-3Com-ldp]
Key in vsi 3Comin system view
Key in pwsignalldp in vsi view
Use quit toreturn to vsiview
Use return toreturn to userview
VSI view Specify VPLSmode [8500-vsi-3Com]Key in vsi 3Comin system view
Use quit toreturn to systemview
Use return toreturn to userview
HWTACACSview
ConfigureHWTACACSprotocol
parameters
[8500-hwtacacs-3Com]
Key in hwtacacsscheme 3Com in
system view
Use quit toreturn to systemview
Use return toreturn to userview
Port groupview
Combine theports with thesameconfiguration,omittingrepeatedconfigurationprocedure
[8500-port-group X]Key inport-group X insystem view
Use quit toreturn to systemview
Use return toreturn to userview
Table 2 Function feature of command view
Commandview Function Prompt
Command toenter
Command toexit
7/31/2019 3Com Switch 8800 Family Configuration Guide
29/881
Features and Functions of Command Line 29
Features andFunctions ofCommand Line
Online Help ofCommand Line The command line interface provides the following online help modes. Full help
Partial help
You can get the help information through these online help commands, which aredescribed as follows.
1 Input "?" in any view to get all the commands in it and correspondingdescriptions.
?
User view commands:
language-mode Specify the language environment
ping Ping functionquit Exit from current command viewsuper Privilege current user a specified priority level
telnet Establish one TELNET connection
tracert Trace route function
2 Input a command with a "?" separated by a space. If this position is for keywords,all the keywords and the corresponding brief descriptions will be listed.
language-mode ?
chinese Chinese environment
english English environment
3 Input a command with a "?" separated by a space. If this position is forparameters, all the parameters and their brief descriptions will be listed.
[SW8800] garp timer leaveall ?
INTEGER Value of timer in centiseconds
(LeaveAllTime > (LeaveTime [On all ports]))
Time must be multiple of 5 centiseconds
[SW8800] garp timer leaveall 300 ?
indicates no parameter in this position. The next command line repeats thecommand, you can press to execute it directly.
4 Input a character string with a "?", then all the commands with this characterstring as their initials will be listed.
p?ping pwd
5 Input a command with a character string and "?", then all the key words with thischaracter string as their initials in the command will be listed.
display ver?
version
6 Input the first letters of a keyword of a command and press key. If no otherkeywords are headed by this letters, then this unique keyword will be displayedautomatically.
7/31/2019 3Com Switch 8800 Family Configuration Guide
30/881
30 CHAPTER 2: COMMAND LINE INTERFACE
7 To switch to the Chinese display for the above information, perform thelanguage-mode command.
DisplayingCharacteristics of
Command Line
Command line interface provides the following display characteristics:
For users convenience, the instruction and help information can be displayedin both English and Chinese.
For the information to be displayed exceeding one screen, pausing function isprovided. In this case, users can have three choices, as shown in the tablebelow.
History Command ofCommand Line
Command line interface provides the function similar to that of DosKey. Thecommands entered by users can be automatically saved by the command lineinterface and you can invoke and execute them at any time later. Historycommand buffer is defaulted as 10. The operations are shown in the table below.
nCursor keys can be used to retrieve the history commands in Windows 3.XTerminal and Telnet. However, in Windows 9X HyperTerminal, the cursor keys and do not work, because Windows 9X HyperTerminal defines the two keysdifferently. In this case, use the combination keys and insteadfor the same purpose.
Common Command Line
Error Messages
All the input commands by users can be correctly executed, if they have passed
the grammar check. Otherwise, error messages will be reported to users. Thecommon error messages are listed in the following table.
Table 3 Functions of displaying
Key or Command Function
Press when the display pauses Stop displaying and executing command.
Enter a space when the display pauses Continue to display the next screen ofinformation.
Press when the display pauses
Continue to display the next line of
information.
Table 4 Retrieve history command
Operation Key Result
Display history command display history-command Display history command byuser inputting
Retrieve the previous historycommand Up cursor key or Retrieve the previous historycommand, if there is any.
Retrieve the next historycommand
Down cursor key or
Retrieve the next historycommand, if there is any.
Table 5 Common command line error messages
Error messages Causes
Unrecognized command
Cannot find the command.
Cannot find the keyword.
Wrong parameter type.
The value of the parameter exceeds the range.
7/31/2019 3Com Switch 8800 Family Configuration Guide
31/881
Features and Functions of Command Line 31
Editing Characteristics ofCommand Line
Command line interface provides the basic command editing function andsupports to edit multiple lines. A command cannot longer than 256 characters.See the table below.
Incomplete command The input command is incomplete.
Too many parameters Enter too many parameters.
Ambiguous command The parameters entered are not specific.
Table 5 Common command line error messages
Error messages Causes
Table 6 Editing functions
Key Function
Common keysInsert from the cursor position and the cursormoves to the right, if the edition buffer stillhas free space.
Backspace
Delete the character preceding the cursor and
the cursor moves backward.Leftwards cursor key or Move the cursor a character backward
Rightwards cursor key or Move the cursor a character forward
Up cursor key or
Down cursor key or Retrieve the history command.
Press after typing the incomplete keyword and the system will execute the partialhelp: If the key word matching the typed oneis unique, the system will replace the typedone with the complete key word and display itin a new line; if there is not a matched keyword or the matched key word is not unique,the system will do no modification but display
the originally typed word in a new line.
7/31/2019 3Com Switch 8800 Family Configuration Guide
32/881
32 CHAPTER 2: COMMAND LINE INTERFACE
7/31/2019 3Com Switch 8800 Family Configuration Guide
33/881
3LOGGINGINTO SWITCH
Setting UpConfigurationEnvironment throughthe Console Port
Step 1: As shown in the figure below, to set up the local configurationenvironment, connect the serial port of a PC (or a terminal) to the Console port ofthe switch with the Console cable.
Figure 1 Set up the local configuration environment through the Console port
Step 2: Run a terminal emulator (such as Terminal of Windows 3X orHyperTerminal of Windows 9X) on the computer. Set the terminal communicationparameters as follows: Set "Bits per second" to "9600", "Data bits" to "8","Parity" to "none", "Stop bits" to "1", and "Flow control" to "none", and selectthe "VT100" as the terminal type.
Figure 2 Set up new connection
Console port
RS-232 Serial port
Console cable
7/31/2019 3Com Switch 8800 Family Configuration Guide
34/881
34 CHAPTER 3: LOGGINGINTO SWITCH
Figure 3 Configure the port for connection
Figure 4 Set communication parameters
Step 3: The switch is powered on. Display self-test information of the switch andprompt you to press Enter to show the command line prompt such as .
Step 4: Input a command to configure the switch or view the operation state.Input a "?" for help. For details of specific commands, refer to the followingchapters.
Setting upConfigurationEnvironment throughTelnet
Connecting a PC to theSwitch through Telnet
After you have correctly configured IP address of a VLAN interface for a switch viaConsole port (using ip address command in VLAN interface view), and added theport (that connects to a terminal) to this VLAN (using port command in VLANview), you can telnet this switch and configure it.
7/31/2019 3Com Switch 8800 Family Configuration Guide
35/881
Setting up Configuration Environment through Telnet 35
Step 1: Before logging into the switch through telnet, you need to configure theTelnet user name and password on the switch through the console port.
nBy default, the password is required for authenticating the Telnet user to log in tothe switch. If a user logs in via the Telnet without password, he will see the prompt"Login password has not been set !".
system-view
Enter system view , return user view with Ctrl+Z.
[SW8800] user-interface vty 0
[3Com-ui-vty0] set authentication password simple xxxx (xxxx is the
login password of Telnet user)
Step 2: To set up the configuration environment, connect the Ethernet port of thePC to that of the switch via the LAN, as shown in Figure 5.
Figure 5 Set up configuration environment through telnet
Step 3: Run Telnet on the PC and input the IP address of the VLAN connected to
the PC port, as shown in Figure 6.
Figure 6 Run Telnet
Step 4: The terminal displays "Login authentication!" and prompts the user toinput the logon password. After you input the correct password, it displays thecommand line prompt (such as ). If the prompt "All user interfaces areused, please try later! The connection was closed by the remote host!" appears, itindicates that the maximum number of Telnet users that can be accessed to theswitch is reached at this moment. In this case, please reconnect later. At most 5Telnet users are allowed to log on to the 3Com series switches simultaneously.
Step 5: Use the corresponding commands to configure the switch or to monitorthe running state. Enter "?" to get the immediate help. For details of specificcommands, refer to the following chapters.
Workstation
WorkstationServer PC ( for configuring the switch
via Telnet )
Ethernet port
Ethernet
Workstation
WorkstationServer PC ( for configuring the switch
via Telnet )
Ethernet port
Ethernet
7/31/2019 3Com Switch 8800 Family Configuration Guide
36/881
36 CHAPTER 3: LOGGINGINTO SWITCH
n When configuring the switch via Telnet, do not modify the IP address of it
unless necessary, for the modification might cut the Telnet connection.
By default, when a Telnet user passes the password authentication to log on tothe switch, he can access the commands at Level 0.
Accessing a Switchthrough another Switch
via Telnet
After a user has logged in to a switch, he or she can configure another switchthrough the switch via Telnet. The local switch serves as Telnet client and the peerswitch serves as Telnet server. If the ports connecting these two switches are in asame local network, their IP addresses must be configured in the same networksegment. Otherwise, the two switches must establish a route that can reach eachother.
As shown in the figure below, after you telnet to a switch, you can run telnetcommand to log in and configure another switch.
Figure 7 Provide Telnet Client service
Step 1: Configure the Telnet user name and password on the Telnet Serverthrough the console port.
nBy default, the password is required for authenticating the Telnet user to log in to
the switch. If a user logs in via the Telnet without password, he will see the prompt"Login password has not been set !.".
system-view
System View: return to User View with Ctrl+Z[SW8800] user-interface vty 0
[3Com-ui-vty0] set authentication password simple xxxx (xxxx is the
login password of Telnet user)
Step 2: The user logs in the Telnet Client (switch). For the login process, refer tothe section describing "Connecting a PC to the Switch through Telnet".
Step 3: Perform the following operations on the Telnet Client:
telnet xxxx (xxxx can be the hostname or IP address of the Telnet Server. If it is the hostname, you need to use the ip host command to specify.)
Step 4: Enter the preset login password and you will see the prompt such. If the prompt "All user interfaces are used, please try later! Theconnection was closed by the remote host!" appears, it indicates that themaximum number of Telnet users that can be accessed to the switch is reached atthis moment. In this case, please connect later.
Step 5: Use the corresponding commands to configure the switch or view itrunning state. Enter "?" to get the immediate help. For details of specificcommands, refer to the following chapters.
Telnet ClientPC Telnet Server
7/31/2019 3Com Switch 8800 Family Configuration Guide
37/881
Setting Up Configuration Environment through Modem Dial-up 37
Setting UpConfigurationEnvironment throughModem Dial-up
Step 1: The modem user is authenticated via the Console port of the switch beforehe or she logs in to the switch through a dial-up Modem.
n By default, the password is required for authenticating the Modem user to log into the switch. If a user logs in via the Modem without password, he or she will seethe prompt "Login password has not been set !.".
system-view
System View: return to User View with Ctrl+Z..
[SW8800] user-interface aux 0
[3Com-ui-aux0] set authentication password simple xxxx (xxxx is the
login password of the Modem user.)
Step 2: As shown in the figure below, to set up the remote configurationenvironment, connect the Modems to a PC (or a terminal) serial port and theswitch AUX port respectively.
Figure 8 Set up remote configuration environment
Step 3: Dial for connection to the switch, using the terminal emulator and Modemon the remote end. The number dialed shall be the telephone number of theModem connected to the switch. See the two figures below.
Figure 9 Set the dialed number
7/31/2019 3Com Switch 8800 Family Configuration Guide
38/881
38 CHAPTER 3: LOGGINGINTO SWITCH
Figure 10 Dial on the remote PC
Step 4: Enter the preset login password on the remote terminal emulator and waitfor the prompt such as . Then you can configure and manage theswitch. Enter "?" to get the immediate help. For details of specific commands,
refer to the following chapters.
nBy default, when a Modem user logs in, he can access the commands at Level 0.
7/31/2019 3Com Switch 8800 Family Configuration Guide
39/881
4USER INTERFACE CONFIGURATION
User InterfaceOverview
To facilitate system management, the switches support user interface basedconfiguration for the configuration and management of port attributes. Presently,the Switch 8800 Family series switches support the following user interface basedconfiguration methods:
Local configuration via the Console port and AUX port
Local and remote configuration through Telnet on Ethernet port
Remote configuration through dialing with modem via the AUX port.According to the above-mentioned configuration methods, there are three typesof user interfaces:
Console user interface
Console user interface is used to log in to the switch via the Console port. Aswitch can only have one Console user interface.
AUX user interface
AUX user interface is used to log in to the switch locally or remotely with a modem
via the AUX port. A switch can only have one AUX user interface. The localconfiguration for it is similar to that for the Console user interface.
VTY user interface
VTY user interface is used to telnet the switch. A switch can have up to five VTYuser interface.
User interface is numbered in the following two ways: absolute number andrelative number.
Absolute number
The user interfaces of the Switch 8800 Family routing switch include three types,which are sequenced as follows: console interface (CON), auxiliary interface (AUX)and virtual interface (VTY). A switch has one CON, one AUX and multiple VTYs.The first absolute number is designated as 0; the second one is designated as 1;and so on. This method can specify a unique user interface or a group ofinterfaces.
It follows the rules below.
Console user interface is numbered as the first interface designated as userinterface 0.
7/31/2019 3Com Switch 8800 Family Configuration Guide
40/881
40 CHAPTER 4: USER INTERFACE CONFIGURATION
AUX user interface is numbered as the second interface designated as userinterface 1.
VTY is numbered after AUX user interface. The absolute number of the firstVTY is incremented by 1 than the AUX user interface number.
Relative numberThe relative number is in the format of "user interface type" + "number". The"number" refers to the internal number for each user interface type. This methodcan only specify one interface or one group of interfaces for a user interface typeinstead of different user interface types.
It follows the rules below:
Number of Console user interface: console 0.
Number of AUX user interface: AUX 0.
Number of VTY: The first VTY interface is designated as VTY 0; the second one
is designated as VTY 1, and so on.
User InterfaceConfiguration
The following sections describe the user interface configuration tasks.
Entering User Interface View
Define the Login Header
Configuring Asynchronous Port Attributes
Configuring Terminal Attributes
Managing Users
Configuring Modem Attributes
Configuring Redirection
Entering User InterfaceView
The following command is used for entering a user interface view. You can enter asingle user interface view or multi user interface view to configure one or moreuser interfaces respectively.
Perform the following configuration in system view.
Define the Login Header The following command is used for configuring the displayed header when userlogin.
When the users log in to the switch, if a connection is activated, the login headerwill be displayed. After the user successfully logs in the switch, the shell headerwill be displayed.
Perform the following configuration in system view.
Table 7 Enter user interface view
Operation Command
Enter a single user interface view or multi user
interface views
user-interface [ type ] first-number[
last-number]
7/31/2019 3Com Switch 8800 Family Configuration Guide
41/881
User Interface Configuration 41
Note that if you press after typing any of the three keywords shell, loginand incoming in the command, then what you type after the word header is thecontents of the login information, instead of identifying header type.
ConfiguringAsynchronous Port
Attributes
The following commands can be used for configuring the attributes of theasynchronous port in asynchronous interactive mode, including speed, flowcontrol, parity, stop bit and data bit.
Perform the following configurations in user interface (Console and AUX userinterface only) view.
Configuring the transmission speed
By default, the transmission speed on an asynchronous port is 9600bps.
Configuring flow control
By default, the flow control on an asynchronous port is none, that is, no flowcontrol will be performed.
Configuring parity
By default, the parity on an asynchronous port is none, that is, no parity bit.
Configuring the stop bit
Table 8 Configure the login header.
Operation Command
Configure the login header header [ shell | incoming | login ] text
Remove the login header configured undo header [ shell | incoming | login ]
Table 9 Configure the transmission speed
Operation Command
Configure the transmission speed speedspeed-value
Restore the default transmission speed undo speed
Table 10 Configure flow control
Operation CommandConfigure the flow control flow-control { hardware | none | software }
Restore the default flow control mode undo flow-control
Table 11 Configure parity
Operation Command
Configure parity mode parity { even | mark | none | odd | space }
Restore the default parity mode undo parity
Table 12 Configure the stop bit
Operation Command
Configure the stop bit stopbits { 1 | 1.5 | 2 }
Restore the default stop bit undo stopbits
7/31/2019 3Com Switch 8800 Family Configuration Guide
42/881
42 CHAPTER 4: USER INTERFACE CONFIGURATION
By default, an asynchronous port supports 1 stop bit.
Note that setting 1.5 stop bits is not available on Switch 8800 Family series atpresent.
Configuring the data bit
By default, an asynchronous port supports 8 data bits.
Configuring TerminalAttributes
The following commands can be used for configuring the terminal attributes,including enabling/disabling terminal service, disconnection upon timeout,lockable user interface, configuring terminal screen length and history command
buffer size.
Perform the following configuration in user interface view. Perform lockcommand in user view.
Enabling/disabling terminal service
After the terminal service is disabled on a user interface, you cannot log in to theswitch through the user interface. However, the user logged in through the userinterface before disabling the terminal service can continue his operation. Aftersuch user logs out, he cannot log in again. In this case, a user can log in to theswitch through the user interface only when the terminal service is enabled again.
By default, terminal service is enabled on all the user interfaces.
Note the following points:
For the sake of security, the undo shell command can only be used on the userinterfaces other than Console user interface.
You cannot use this command on the user interface via which you log in.
You will be asked to confirm before using undo shell on any legal userinterface.
Configuring idle-timeout
Table 13 Configure the data bit
Operation Command
Configure the data bit databits { 7 | 8 }
Restore the default data bit undo databits
Table 14 Enable/disable terminal service
Operation Command
Enable terminal service shell
Disable terminal service undo shell
Table 15 Configure idle-timeout
Operation Command
Configure idle-timeout idle-timeoutminutes [seconds ]
Restore the default idle-timeout undo idle-timeout
7/31/2019 3Com Switch 8800 Family Configuration Guide
43/881
User Interface Configuration 43
By default, idle-timeout is enabled and set to 10 minutes on all the user interfaces.That is, the user interface will be disconnected automatically after 10 minuteswithout any operation.
idle-timeout 0 means disabling idle-timeout.
Locking user interface
This configuration is to lock the current user interface and prompt the user toenter the password. This makes it impossible for others to operate in the interfaceafter the user leaves.
Setting the screen length
If a command displays more than one screen of information, you can use the
following command to set how many lines to be displayed in a screen, so that theinformation can be separated in different screens and you can view it moreconveniently.
Note that the number of lines that can be displayed in each screen remains thesame when screen-length is set to 1 or 2.
By default, 24 lines (including the multi-screen identifier lines) are displayed in onescreen when the multi-screen display function is enabled .
Use screen-length 0 to disable the multi-screen display function.
Setting the history command buffer size
By default, the size of the history command buffer is 10, that is, 10 historycommands can be saved.
Managing Users The management of users includes the setting of user logon authenticationmethod, level of command which a user can use after logging on, level ofcommand which a user can use after logging on from the specifically userinterface, and command level.
Table 16 Lock user interface
Operation Command
Lock user interface lock
Table 17 Set the screen length
Operation Command
Set the screen length screen-lengthscreen-length
Restore the default screen length undo screen-length
Table 18 Set the history command buffer size
Operation Command
Set the history command buffer size history-command max-sizevalue
Restore the default history command buffer size undo history-command max-size
7/31/2019 3Com Switch 8800 Family Configuration Guide
44/881
44 CHAPTER 4: USER INTERFACE CONFIGURATION
Configuring the authentication method
The following command is used for configuring the user login authenticationmethod to deny the access of an unauthorized user.
Perform the following configuration in user interface view.
By default, terminal authentication is not required for local users log in via theConsole port. However, password authentication is required for local users andremote Modem users to log in via the AUX port, and for Telnet users and the VTYusers to log in through Ethernet port.
n
If the Console port is configured for local password authentication, the user can
directly log in to the system even without a password configured; if other userinterfaces, such as the AUX port and VTY interface, are configured for local
password authentication, users cannot log in to the system without a password.
1 Perform local password authentication to the user interface
Using authentication-mode password command, you can perform localpassword authentication. That is, you need use the command below to configurea login password in order to login successfully.
Perform the following configuration in user interface view.
# Configure for password authentication when a user logs in through a VTY 0 userinterface and set the password to 3Com.
[SW8800] user-interface vty 0
[3Com-ui-vty0] authentication-mode password
[3Com-ui-vty0] set authentication password simple 3Com
2 Perform local or remote authentication of username and password to the userinterface
Using authentication-modescheme [ command-authorization ] command,you can perform local or remote authentication of username and password. Thetype of the authentication depends on your configuration. For detailedinformation, see "Security" section.
In the following example, local username and password authentication areconfigured.
Table 19 Configure the authentication method
Operation Command
Configure the authentication method authentication-mode { password | scheme[ command-authorization ] | none }
Table 20 Configure the local authentication password
Operation Command
Configure the local authentication password set authentication password { cipher |simple }password
Remove the local authentication password undo set authentication password
7/31/2019 3Com Switch 8800 Family Configuration Guide
45/881
User Interface Configuration 45
# Perform username and password authentication when a user logs in throughVTY 0 user interface and set the username and password to zbr and 3Comrespectively.
[3Com-ui-vty0] authentication-mode scheme
[3Com-ui-vty0] quit
[SW8800] local-user zbr[3Com-luser-zbr] password simple 3Com
[3Com-luser-zbr] service-type telnet
3 No authentication
[3Com-ui-vty0] authentication-mode none
nBy default, password is required to be set for authenticating local users andremote Modem users log in via the AUX port, and Telnet users log in throughEthernet port. If no password has been set, the following prompt will be displayed"Login password has not been set !."
If the authentication-mode none command is used, the local and Modem users
via the AUX port and Telnet users will not be required to input password.
Setting the command level used after a user logging in
The following command is used for setting the command level used after a userlogging in.
Perform the following configuration in local-user view.
By default, the specified logon user can access the commands at Level 2.
Setting the command level used after a user logs in from a user interface
You can use the following command to set the command level after a user logs infrom a specific user interface, so that a user is able to execute the commands atsuch command level.
Perform the following configuration in user interface view.
By default, you can access the commands at Level 3 after logging in through theConsole user interface, and the commands at Level 0 after logging in through theAUX or VTY user interface.
Table 21 Set the command level used after a user logging in
Operation Command
Set command level used after a user logging in service-type telnet [ levellevel]
Restore the default command level used after a userlogging in undo service-type telnet
Table 22 Set the command level used after a user logging in from a user interface
Operation Command
Set command level used after a user loggingin from a user interface user privilege levellevel
Restore the default command level used aftera user logging in from a user interface undo user privilege level
7/31/2019 3Com Switch 8800 Family Configuration Guide
46/881
46 CHAPTER 4: USER INTERFACE CONFIGURATION
nWhen a user logs in the switch, the command level that it can access depends ontwo points. One is the command level that the user itself can access, the other isthe set command level of this user interface. If the two levels are different, theformer will be taken. For example, the command level of VTY 0 user interface is 1,however, you have the right to access commands of level 3; if you log in from VTY
0 user interface, you can access commands of level 3 and lower.Setting the command priority
The following command is used for setting the priority of a specified command ina certain view. The command levels include visit, monitoring, configuration, andmanagement, which are identified with 0 through 3 respectively. An administratorassigns authorities as per user requirements.
Perform the following configuration in system view.
Setting input protocol for a user terminal
You can use the following command to set input protocol for a user terminal. Theinput protocol type can be TELNET, SSH or all.
Perform the following configuration in user interface view.
By default, the input protocol type for a user terminal is all.
Configuring ModemAttributes
When logging in the switch via the Modem, you can use the following commandsto configure these parameters.
Perform the following configuration in AUX user interface view.
Table 23 Set the command priority
Operation Command
Set the command priority in a specified view. command-privilege levellevelviewviewcommand
Restore the default command level in aspecified view.
Undo command-privilegeviewviewcommand
Table 24 Set input protocol for a user terminal
Operation Command
Set input protocol for a user terminal protocol inbound { all | telnet | ssh }
Table 25 Configure Modem attributes
Operation Command
Set the interval since the system receives theRING until CD_UP modem timer answerseconds
Restore the default interval since the systemreceives the RING until CD_UP undo modem timer answer
Configure auto answer modem auto-answer
Configure manual answer undo modem auto-answer
Configure to allow call-in modem call-in
Configure to bar call-in undo modem call-in
7/31/2019 3Com Switch 8800 Family Configuration Guide
47/881
User Interface Configuration 47
Configuring Redirection Send command
The following command can be used for sending messages between userinterfaces.
Perform the following configuration in user view.
Auto-execute command
The following command is used to automatically run a command after you log in.After a command is configured to be run automatically, it will be automaticallyexecuted when you log in again.
This command is usually used to automatically execute telnet command on theterminal, which will connect the user to a designated device automatically.
Perform the following configuration in user interface view.
Note the following points:
After executing this command, the user interface can no longer be used tocarry out the routine configurations for the local system. Use this commandwith caution.
Make sure that you will be able to log in to the system in some other way andcancel the configuration, before you use the auto-execute commandcommand and save the configuration.
# Telnet 10.110.100.1 after the user logs in through VTY0 automatically.
[3Com-ui-vty0] auto-execute command telnet 10.110.100.1
When a user logs on via VTY 0, the system will run telnet 10.110.100.1automatically.
Configure to permit call-in and call-out. modem both
Configure to disable call-in and call-out undo modem both
Table 25 Configure Modem attributes
Operation Command
Table 26 Configure to send messages between different user interfaces.
Operation Command
Configure to send messages betweendifferent user interfaces. send { all | number | typenumber}
Table 27 Configure to automatically run the command
Operation Command
Configure to automatically run the command auto-execute commandtext
Configure not to automatically run the command undo auto-execute command
7/31/2019 3Com Switch 8800 Family Configuration Guide
48/881
48 CHAPTER 4: USER INTERFACE CONFIGURATION
Displaying andDebugging UserInterface
After the above configuration, execute display command in any view to displaythe running of the user interface configuration, and to verify the effect of theconfiguration.
Execute free command in user view to release the user interface connection.
Table 28 Display and debug user interface
Operation Command
Release a specified user interface connection free user-interface [ type ] number
Display the user application information of theuser interface display users
[ all ]
Display the physical attributes and someconfigurations of the user interface
display user-interface [ type number|number] [ summary ]
Query history commands selectivelydisplay history-command [Command-Number] [ | { begin | include |exclude } Match-string ]
7/31/2019 3Com Switch 8800 Family Configuration Guide
49/881
5MANAGEMENT INTERFACECONFIGURATION
ManagementInterface Overview
Switch 8800 Family series provides a 10/100Base-TX management interface on theFabric. The management interface can connect a background PC for softwareloading and system debugging, or a remote network management station forremote system management.
ManagementInterfaceConfiguration
The following sections describe management interface configuration tasks.
Configuring interface IP address Enabling/disabling the interface
Setting interface description
Displaying current system information
Test network connectivity (ping, tracert)
See the Port and System Management parts of this manual for details.
cCAUTION: Only the management interface configured with an IP address can runnormally.
7/31/2019 3Com Switch 8800 Family Configuration Guide
50/881
50 CHAPTER 5: MANAGEMENT INTERFACE CONFIGURATION
7/31/2019 3Com Switch 8800 Family Configuration Guide
51/881
6CONFIGURATION FILE MANAGEMENT
Configuration FileManagement
Configuration FileManagement Overview
The management module of configuration file provides a user-friendly operationinterface. It saves the configuration of the switch in the text format of commandline to record the whole configuration process. Thus you can view theconfiguration information conveniently.
The format of configuration file includes:
It is saved in the command format.
Only the non-default constants will be saved
The organization of commands is based on command views. The commands inthe same command mode are sorted in one section. The sections are separatedwith a blank line or a comment line (A comment line begins with exclamationmark "#").
Generally, the sections in the file are arranged in the following order: systemconfiguration, Ethernet port configuration, VLAN interface configuration,routing protocol configuration and so on.
It ends with "end".
The following sections describe configuration file management tasks.
Displaying the Current-Configuration and Saved-Configuration of Switch
Modifying and Saving the Current-Configuration
Erasing Configuration Files from Flash Memory
Configuring the Name of the Configuration File Used for the Next Startup.
Displaying the
Current-Configurationand
Saved-Configuration ofSwitch
When the switch is being powered on, the system will read the configuration files
from Flash Memory for the initialization of the switch. (Such configuration files arecalled saved-configuration files). If there is no configuration file in Flash Memory,the system will begin the initialization with the default parameters. Relative to thesaved-configuration, the configuration in effect during the operating process ofthe system is called current-configuration. You can use the following commandsto display the current-configuration and saved-configuration information of theswitch.
Perform the following configuration in any view.
7/31/2019 3Com Switch 8800 Family Configuration Guide
52/881
52 CHAPTER 6: CONFIGURATION FILE MANAGEMENT
nThe configuration files are displayed in their corresponding saving formats.
Modifying and Savingthe
Current-Configuration
You can modify the current configuration of the switch through the CLI. Use thesave command to save the current-configuration in the Flash Memory, and the
configurations will become the saved-configuration when the system is poweredon for the next time.
Perform the following configuration in user view.
Even if the problems like reboot and power-off occur during , the configurationfile can be still saved to Flash.
Erasing ConfigurationFiles from Flash Memory
The reset saved-configuration command can be used to erase configurationfiles from Flash Memory. The system will use the default configuration parametersfor initialization when the switch is powered on for the next time.
Perform the following configuration in user view.
You may erase the configuration files from the Flash in the following cases:
After being upgraded, the software does not match with the configurationfiles.
The configuration files in flash are damaged. (A common case is that a wrongconfiguration file has been downloaded.)
Configuring the Name ofthe Configuration File
Used for the NextStartup.
Perform the following configuration in user view.
Table 29 Display the configurations of the switch
Operation Command
Display the saved-configuration informationof the switch display saved-configuration
Display the current-configuration informationof the Ethernet switch
displaycurrent-configuration [ controller |interfaceinterface-typeinterface-number|configuration [ configuration ] ] [ | { begin |exclude | include } regular-expression ]
Display the running configuration of thecurrent view display this
Table 30 Save the current-configuration
Operation Command
Save the current-configuration save [ file-name ]
Table 31 Erase configuration files from Flash Memory
Operation Command
Erase configuration files from Flash Memory reset saved-configuration
7/31/2019 3Com Switch 8800 Family Configuration Guide
53/881
Configuration File Management 53
cfgfile is the name of the configuration file and its extension name can be ".cfg".The file is stored in the root directory of the storage devices.
After the above configuration, execute display command in any view to displaythe running of the configuration files, and to verify the effect of the configuration.
Table 32 Configure the name of the configuration file used for the next startup
Operation Command
Configure the name of the configuration fileused for the next startup startup
saved-configurationcfgfile
Table 33 Display the information of the file used at startup
Operation Command
Display the information of the file used at startup display startup
7/31/2019 3Com Switch 8800 Family Configuration Guide
54/881
54 CHAPTER 6: CONFIGURATION FILE MANAGEMENT
7/31/2019 3Com Switch 8800 Family Configuration Guide
55/881
7VLAN CONFIGURATION
VLAN Overview Virtual local area network (VLAN) groups the devices in a LAN logically, notphysically, into segments to form virtual workgroups. IEEE issued the IEEE 802.1Qin 1999 to standardize the VLAN implementations.
The VLAN technology allows network administrators to logically divide a physicalLAN into different broadcast domains or the so-called virtual LANs. Every VLANcontains a group of workstations with the same demands. The workstations,physically separated, are not necessarily on the same physical LAN segment.
You can establish VLANs of the following types on switches:
Port-based
IP multicast-based (A multicast group can be a VLAN.)
Network layer-based (A VLAN can be established by the network layeraddresses or protocols of the hosts.)
With the VLAN technology, the broadcast and unicast traffic within a VLAN willnot be forwarded to other VLANs. This is helpful to control network traffic, savedevice investment, simplify network management and enhance security.
Configuring VLAN The following sections describe VLAN configuration tasks:
Creating/Deleting a VLAN
Specifying a Description Character String for a VLAN or VLAN interface
Naming the Current VLAN
Shutting down/Bringing up a VLAN Interface
Configuring Port-Based VLAN
Creating/Deleting a
VLAN
You can use the following commands to create/delete a VLAN. If the VLAN to be
created exists, the system will enter the VLAN view directly. Otherwise, the systemwill create the VLAN first, and then enter the VLAN view.
Perform the following configuration in system view.
Table 34 Create/Delete a VLAN or VLANs
Operation Command
Create a VLAN and enter the VLAN view vlanvlan-id
Create VLANs in batch vlanvlan-id-list
Delete an VLAN or VLANs undovlan { vlan-id[ tovlan-id] |all }
7/31/2019 3Com Switch 8800 Family Configuration Guide
56/881
56 CHAPTER 7: VLAN CONFIGURATION
cCAUTION:
VLAN 1 is the system-default VLAN and cannot be removed.
VLANs with their ports being VLAN VPN-enabled cannot be removed.
Guest VLANs cannot be deleted.
Protocol-enabled VLANs cannot be deleted.
Specifying a DescriptionCharacter String for a
VLAN or VLAN interface
You can use the following commands to specify a description character string for aVLAN or VLAN interface.
Perform the following configuration in VLAN view or VLAN interface view.
By default, the description character string of a VLAN is the VLAN ID of the VLAN,such as VLAN 0001. The description character string of a VLAN interface is theVLAN interface name, such as Vlan-interface1 Interface.
Naming the CurrentVLAN
You can use the following command to name the current VLAN.
Perform the following configuration in VLAN view.
By default, the name of the current VLAN is its VLAN ID.
Shutting down/Bringingup a VLAN Interface
You can use the following commands to shut down/bring up a VLAN interface.
Perform the following configuration in VLAN interface view.
Shutting down or bringing up a VLAN interface has no effect on the status of anyEthernet port in this VLAN.
By default, when all the Ethernet ports in a VLAN are in the Down state, this VLANinterface is also Down. When there are one or more Ethernet ports in the Up state,this VLAN interface is also Up.
Table 35 Specify a description character string for a VLAN or VLAN interface
Operation Command
Specify a description character string for aVLAN or VLAN interface descriptionstring
Restore the default description of the currentVLAN or VLAN interface undodescription
Table 36 Name the current VLAN
Operation Command
Name the current VLAN name
Restore the default name of the current VLAN undo name
Table 37 Shut down/bring up a VLAN interface
Operation Command
Shut down a VLAN interface shutdown
Bring up a VLAN interface undo shutdown
7/31/2019 3Com Switch 8800 Family Configuration Guide
57/881
Configuring Protocol-Based VLAN 57
Configuring Port-BasedVLAN
You can use the following commands to specify Ethernet ports for a VLAN.
Perform the following configuration in VLAN view.
By default, the system adds all the ports to a default VLAN whose ID is 1.
Note that you can add/remove the trunk and Hybrid ports to/from a VLAN by theport/undo port commands in Ethernet port view, but not in VLAN view.
ConfiguringProtocol-Based VLAN
The following sections describe the protocol-based VLAN configuration tasks:
Creating/Deleting a VLAN Protocol Type
Associating/Dissociating a Port with/from a Protocol-Based VLAN
Creating/Deleting aVLAN Protocol Type
You can use the following commands to create/delete a VLAN protocol type.
Perform the following configuration in VLAN view.
Associating/Dissociatinga Port with/from a
Protocol-Based VLAN
Perform the following configuration in Ethernet port view.
n The port to be associated with a protocol-based VLAN must be of Hybrid type
and in this VLAN.
The same protocol can be configured in the different VLANs, but cannot beconfigured repeatedly in the same VLAN.
A port cannot be associated with different VLANs with the same protocolsconfigured.
Table 38 Specify Ethernet ports for a VLAN
Operation Command
Add Ethernet ports to a VLAN portinterface-list
Remove Ethernet ports from a VLAN undo portinterface-list
Table 39 Create/Delete a VLAN protocol type
Operation Command
Create a VLAN protocol type
protocol-vlan [protocol-index] { at | ipx {ethernetii | llc | raw | snap } | mode {ethernetiietypeetype-id| llc dsapdsap-idssapssap-id| snapetypeetype-id} }
Delete an existing VLAN protocol type undo protocol-vlan {protocol-index[ toprotocol-end] | all }
Table 40 Associate/Dissociate a port with/from a protocol-based VLAN
Operation Command
Associate a port with a protocol-based VLAN port hybrid protocol-vlan vlanvlan-id{vlan-protocol-list|all }
Remove a port from a protocol-based VLAN undo port hybrid protocol-vlan vlan {
vlan-id{ vlan-protocol-list|all } |all }
7/31/2019 3Com Switch 8800 Family Configuration Guide
58/881
58 CHAPTER 7: VLAN CONFIGURATION
You cannot delete a protocol-based VLAN that has ports associated with.
You cannot delete a protocol-based VLAN on a port while the port is associatedwith the VLAN.
Configuring IPSubnet-Based VLAN
The following sections describe the IP subnet-based VLAN configuration tasks: Associating/dissociating a specified port with/from an IP subnet-based VLAN
Configuring an IP subnet-based VLAN
Associating/Dissociatinga Specified Portwith/from an IP
Subnet-Based VLAN
Use the following commands to associate/dissociate a specified port with/from anIP subnet-based VLAN.
Perform the following configuration in Ethernet port view.
Configuring/deleting anIP Subnet-Based VLAN
Perform the following configuration in VLAN view.
Configure the CPUPort in an VLAN
The CPU is a special port in the Switch 8800 Family series routing switches. Bydefault, because the CPU port is in a VLAN, when common broadcast packets andunknown multicast packets are broadcast within a VLAN, these packets will alsobe broadcast to the CPU. To prevent waste of CPU resources, you can move theCPU port out of the VLAN, so that common broadcast packets and unknownmulticast packets will not be handed to the CPU for processing.
You can use the following command to move the CPU port out of the VLAN.
Perform the following configuration in VLAN view.
By default, the CPU port is in the VLAN.
Table 41 Associate/dissociate a port with/from an IP subnet-based VLAN
Operation Command
Associate a specified port