Monday, June 10, 2013

QoS in MSR routers (it is not as good as Cisco)

<H3C>dis cur
#
version 5.20, Release 1910P02, Standard
#
sysname H3C
#
domain default enable system
#
telnet server enable
#
dar p2p signature-file cfa0:/p2p_default.mtd
#
port-security enable
#
acl number 2000
rule 0 permit
#
acl number 3500
rule 0 permit ip source 192.168.1.110 0
acl number 3501
rule 0 permit ip destination 192.168.1.110 0
acl number 3600
rule 0 permit ip source 192.168.1.111 0
acl number 3601
rule 0 permit ip destination 192.168.1.111 0
#
vlan 1
#
domain system
access-limit disable
state active
idle-cut disable
self-service-url disable
#
traffic classifier yewu-3600 operator and
if-match acl 3600
traffic classifier shipin1-3501 operator and
if-match acl 3501
traffic classifier yewu1-3601 operator and
if-match acl 3601
traffic classifier shipin-3500 operator and
if-match acl 3500
#
traffic behavior yewu-3600
queue af bandwidth 2048
traffic behavior shipin1-1536
queue af bandwidth 1536
car cir 2048 cbs 128000 ebs 0 green pass red discard  // 2M
traffic behavior yewu1-2048
queue af bandwidth 2048
traffic behavior shipin-1536
queue af bandwidth 1536
car cir 2048 cbs 128000 ebs 0 green pass red discard   //cbs??cir?7-10?
#
qos policy qose0-0
classifier shipin-3500 behavior shipin-1536
classifier yewu-3600 behavior yewu-3600
qos policy qose0-1
classifier shipin1-3501 behavior shipin1-1536
classifier yewu1-3601 behavior yewu1-2048
#
user-group system
#
local-user admin
password simple admin
authorization-attribute level 3
service-type telnet
#
cwmp
undo cwmp enable
#              
interface Aux0
async mode flow
link-protocol ppp
#
interface Cellular0/0
async mode protocol
link-protocol ppp
#
interface Ethernet0/0
port link-mode route
nat outbound 2000
qos max-bandwidth 4096  // 4M
ip address 192.168.0.222 255.255.255.0
qos reserved-bandwidth pct 100
qos lr outbound cir 4096 cbs 256000 ebs 0
qos apply policy qose0-0 outbound
#
interface Ethernet0/1
port link-mode route
qos max-bandwidth 4096  
ip address 192.168.1.1 255.255.255.0
qos reserved-bandwidth pct 100
qos lr outbound cir 4096 cbs 256000 ebs 0
qos apply policy qose0-1 outbound
#
interface NULL0
#
ip route-static 0.0.0.0 0.0.0.0 192.168.0.100
#
load xml-configuration
#
load tr069-configuration
#
user-interface con 0
user-interface tty 13
user-interface aux 0
user-interface vty 0 4
authentication-mode scheme
set authentication password simple admin
#
return

MSR 2010: configuring static routing + PPPoE Internet access

#
version 5.20, Release 1719
#
sysname H3C
#
domain default enable system
#
dns proxy enable
dns server 202.103.44.150
dns server 202.103.0.117
#
acl number 2000
rule 0 permit source 192.168.1.0 0.0.0.255
rule 1 deny
#
vlan 1
#
domain system
authentication ppp local
access-limit disable
state active
idle-cut disable
self-service-url disable
ip pool 1 192.168.1.2 192.168.1.250
#
dhcp server ip-pool 0
network 192.168.10.0 mask 255.255.255.0
gateway-list 192.168.10.254
dns-list 202.103.44.150
domain-name fgj
expired day 10 hour 12
#
user-group system
#
local-user A101
password simple 629476
#
interface Aux0
async mode flow
link-protocol ppp
#
interface Ethernet0/0
port link-mode route
description LAN
nat outbound
nat outbound 2000
pppoe-server bind Virtual-Template 1
ip address 58.51.60.88 255.255.255.128
#
interface Virtual-Template1
ppp authentication-mode pap
ppp chap user e111
ppp ipcp remote-address forced
ppp ipcp dns 202.103.44.150 202.103.0.117
remote address pool 1
ip address 192.168.1.1 255.255.255.0
#
interface Virtual-Ethernet
#
interface NULL0
#
interface Vlan-interface1
pppoe-server bind Virtual-Template 1
#
interface Ethernet0/1
port link-mode bridge
#
interface Ethernet0/2
port link-mode bridge
#
interface Ethernet0/3
port link-mode bridge
#
interface Ethernet0/4
port link-mode bridge
#
ip route-static 0.0.0.0 0.0.0.0 58.51.60.1
#
dhcp enable
#
nms primary monitor-interface Ethernet0/0
#
user-interface aux 0
user-interface vty 0 4
#
return

int vlan 1
ip address 192.168.10.254 24
#

GVRP, VTP protocol and Trunk technology. GVRP=VTP


GVRP, the VTP protocol and Trunk technology have much in common: all three are Layer 2 protocols or technologies; their configuration commands mostly concern VLAN configuration; and all three are widely used, are designed to simplify the work of network maintenance staff in configuring and managing network devices, and are among the most frequently used commands. They are nevertheless fundamentally different. The following introduces each of the three in turn, with examples.
One: Applying GVRP on H3C switches
GVRP (GARP VLAN Registration Protocol) is an application of GARP (Generic Attribute Registration Protocol). GARP applications include GMRP and GVRP. GMRP (GARP Multicast Registration Protocol) is a multicast registration protocol based on GARP and is used to maintain multicast registration information on the switch. GVRP maintains the device's dynamic VLAN registration information and propagates that information to other devices.
A GVRP-enabled device can receive VLAN registration information from other devices and dynamically update its local VLAN registration information, including the current VLAN members and the ports through which those VLAN members can be reached. It also propagates its local VLAN registration information to other devices, so that all devices within the same LAN hold consistent VLAN information. The VLAN registration information propagated by GVRP includes both the static registration information configured manually on the local device and the dynamic registration information learned from other devices. The following example shows GVRP applied on H3C switches.

Figure 1: three H3C S3100 switches interconnected in pairs

As shown in Figure 1, the three switches are H3C S3100-52TP-SI models, interconnected in pairs. The connections between the devices are as follows:

1.  S3100-A Eth 1/0/1 <-----> S3100-B Eth 1/0/1
2.  S3100-B Eth 1/0/2 <-----> S3100-C Eth 1/0/1
3.  S3100-C Eth 1/0/2 <-----> S3100-A Eth 1/0/2

Configuration on S3100-A:

[S3100-A] gvrp
// Enable GVRP globally; by default, global GVRP is disabled
[S3100-A] interface ethernet 1/0/1
[S3100-A-Ethernet1/0/1] port link-type trunk
[S3100-A-Ethernet1/0/1] port trunk permit vlan all
[S3100-A] interface ethernet 1/0/2
[S3100-A-Ethernet1/0/2] port link-type trunk
[S3100-A-Ethernet1/0/2] port trunk permit vlan all
// Configure the two Ethernet ports Ethernet1/0/1 and Ethernet1/0/2 as Trunk ports and permit all VLANs
[S3100-A-Ethernet1/0/1] gvrp
[S3100-A-Ethernet1/0/2] gvrp
// Enable GVRP on the two Trunk ports; by default, port GVRP is disabled
[S3100-A] vlan 2
// Configure static VLAN 2

Configuration on S3100-B:

[S3100-B] gvrp
// Enable GVRP globally
[S3100-B] interface ethernet 1/0/1
[S3100-B-Ethernet1/0/1] port link-type trunk
[S3100-B-Ethernet1/0/1] port trunk permit vlan all
[S3100-B] interface ethernet 1/0/2
[S3100-B-Ethernet1/0/2] port link-type trunk
[S3100-B-Ethernet1/0/2] port trunk permit vlan all
// Configure the two Ethernet ports Ethernet1/0/1 and Ethernet1/0/2 as Trunk ports and permit all VLANs
[S3100-B-Ethernet1/0/1] gvrp
[S3100-B-Ethernet1/0/2] gvrp
// Enable GVRP on the two Trunk ports
[S3100-B-Ethernet1/0/2] gvrp registration fixed
// Set the port registration mode to Fixed; by default, the GVRP port registration mode is Normal
[S3100-B] vlan 3
// Configure static VLAN 3

Configuration on S3100-C:

[S3100-C] gvrp
// Enable GVRP globally
[S3100-C] interface ethernet 1/0/1
[S3100-C-Ethernet1/0/1] port link-type trunk
[S3100-C-Ethernet1/0/1] port trunk permit vlan all
[S3100-C] interface ethernet 1/0/2
[S3100-C-Ethernet1/0/2] port link-type trunk
[S3100-C-Ethernet1/0/2] port trunk permit vlan all
// Configure the two Ethernet ports Ethernet1/0/1 and Ethernet1/0/2 as Trunk ports and permit all VLANs
[S3100-C-Ethernet1/0/1] gvrp
[S3100-C-Ethernet1/0/2] gvrp
// Enable GVRP on the Trunk ports
[S3100-C-Ethernet1/0/1] gvrp registration forbidden
[S3100-C-Ethernet1/0/2] gvrp registration forbidden
// Set the registration mode of both ports to Forbidden
[S3100-C] vlan 4
// Configure static VLAN 4



The configuration commands on these three H3C switches look much the same, but they differ subtly in the most critical place: the port registration mode, which is configured differently on each of the three switches. Neither port on S3100-A has a registration mode configured, so both use the default, and the registration mode of Ethernet1/0/1 and Ethernet1/0/2 on S3100-A is Normal. Ethernet1/0/1 on S3100-B also has no registration mode configured, so it too is in Normal mode, while Ethernet1/0/2 on S3100-B is configured in Fixed mode. Both ports on S3100-C are configured in Forbidden mode. As a result, these ports propagate VLANs differently in actual operation.
You can use the command "display vlan dynamic" to verify how each port behaves. The dynamic parameter of this command displays the number and IDs of the VLANs created dynamically by the system; dynamic VLANs are those generated through GVRP or issued by a RADIUS server. Below are the results of running "display vlan dynamic" on each of the three switches:
[S3100-A] display vlan dynamic
Now, the following dynamic VLAN exist(s):

// Display the dynamic VLAN information on S3100-A
[S3100-B] display vlan dynamic
Now, the following dynamic VLAN exist(s):

// Display the dynamic VLAN information on S3100-B
[S3100-C] display vlan dynamic
Now, the following dynamic VLAN exist(s):
No dynamic vlans exist!
// Display the dynamic VLAN information on S3100-C
The output above shows that S3100-A and S3100-B exchange the VLANs each of them has created. This is because Ethernet1/0/1 on S3100-A and Ethernet1/0/1 on S3100-B are both in Normal mode, which allows a port to dynamically register VLANs and to propagate dynamic and static VLAN information. However, VLAN 4, created on S3100-C, is not visible on S3100-A or S3100-B, and S3100-C likewise cannot see VLAN 2 and VLAN 3, created on S3100-A and S3100-B. This is because, although the Ethernet1/0/2 ports of S3100-A and S3100-B are configured in Normal and Fixed mode respectively, both ports on S3100-C are in Forbidden mode, so S3100-C exchanges no VLAN information other than VLAN 1 with the other two switches. A port's GVRP registration mode is one of the following three:
Normal mode: Allows the port to dynamically register and deregister VLANs, and to propagate dynamic and static VLAN information.
Fixed mode: Prevents the port from dynamically registering and deregistering VLANs; the port propagates only static VLAN information and does not propagate dynamic VLAN information. That is, even if a Trunk port set to Fixed mode permits all VLANs, the only VLANs that can actually pass are the manually configured ones.
Forbidden mode: Prevents the port from dynamically registering and deregistering VLANs; the port propagates no VLAN information other than VLAN 1. That is, even if a Trunk port configured as Forbidden permits all VLANs, the only VLAN that can actually pass is VLAN 1.
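The propagation rules above can be checked with a small model. This is an added example, not code from the original post: it applies the three mode definitions to the Figure 1 topology, ignores spanning tree and GARP timers, and the function names and the (switch, n) port naming are assumptions.

```python
"""GVRP registration modes on the three-switch ring (added illustration)."""
NORMAL, FIXED, FORBIDDEN = "normal", "fixed", "forbidden"

# Static VLANs, port modes and links as configured in the text.
# Port names are shortened to (switch, n) for Ethernet1/0/n (assumption).
STATIC = {"A": {2}, "B": {3}, "C": {4}}
MODE = {("A", 1): NORMAL, ("A", 2): NORMAL,
        ("B", 1): NORMAL, ("B", 2): FIXED,
        ("C", 1): FORBIDDEN, ("C", 2): FORBIDDEN}
LINKS = [(("A", 1), ("B", 1)), (("B", 2), ("C", 1)), (("C", 2), ("A", 2))]


def declared(port, learned, mode):
    """VLANs a port advertises to its neighbour under its registration mode."""
    if mode[port] == FORBIDDEN:
        return {1}                          # nothing but VLAN 1
    vlans = {1} | STATIC[port[0]]           # Fixed and Normal: static VLANs
    if mode[port] == NORMAL:                # Normal also relays dynamic VLANs
        for other, dyn in learned.items():  # registered on the other ports
            if other[0] == port[0] and other != port:
                vlans |= dyn
    return vlans


def simulate(mode=MODE):
    """Propagate to a fixed point; return {switch: dynamic VLANs learned}."""
    learned = {p: set() for p in mode}
    changed = True
    while changed:
        changed = False
        for a, b in LINKS:
            for tx, rx in ((a, b), (b, a)):
                if mode[rx] != NORMAL:      # Fixed/Forbidden never register
                    continue
                new = declared(tx, learned, mode) - STATIC[rx[0]] - {1}
                if not new <= learned[rx]:
                    learned[rx] |= new
                    changed = True
    result = {sw: set() for sw in STATIC}
    for (sw, _), dyn in learned.items():
        result[sw] |= dyn
    return result


def all_normal():
    """Contrast case: every trunk port left at the default Normal mode."""
    return simulate({p: NORMAL for p in MODE})


if __name__ == "__main__":
    print("as configured:", simulate())
    print("all Normal:   ", all_normal())
```

With every port left at Normal, a VLAN created on any one switch is registered on all three; the Forbidden ports on S3100-C are what keep VLAN 4 local and keep VLAN 2 and VLAN 3 out.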
In addition, several "display gvrp" commands show the GVRP configuration and operating state, and can be used to verify the configuration. The commands are as follows:
[H3C-S3100] display gvrp status
// Display the global GVRP status information
[H3C-S3100] display gvrp statistics [interface interface-list]
// Display the GVRP statistics
[H3C-S3100] display gvrp state interface interface-type interface-number vlan vlan-id
// Display the GVRP state machine information
[H3C-S3100] display gvrp vlan-operation interface interface-type interface-number
// Display current information about dynamic VLAN operations








Optimization of FortiGate IPS

IPS signatures need to be selected according to the infrastructure environment. E.g., if we do not have Linux servers, these IPS signatures can be disabled (d...