H3C SecBlade NetStream Card Configuration Examples
|
|
- Nicholas Brooks
- 5 years ago
- Views:
Transcription
1 H3C SecBlade NetStream Card Configuration Examples Copyright 2012 Hangzhou H3C Technologies Co., Ltd. All rights reserved. No part of this manual may be reproduced or transmitted in any form or by any means without prior written consent of Hangzhou H3C Technologies Co., Ltd. The information in this document is subject to change without notice.
2 Contents Software version used 1 Feature overview 1 Application scenarios 1 Configuration considerations 1 IPv4 NetStream configuration example 2 Network requirements 2 Configuration procedures 2 Configuration procedures without NetStream sampling enabled 2 Configuration procedures with NetStream sampling enabled 19 IPv6 NetStream configuration example 23 Network requirements 23 Configuration procedures 24 Configuring S7500E 24 Configuring the NS card 25 Related documentation 31 i
3 Software version used This document describes the example for the H3C SecBlade NetStrearm cards (Release 3109) installed on the H3C S7500E switches. The configuration examples also apply to the H3C SecBlade NetStream cards installed on the H3C S9500E and S12500 switches. The configuration examples in this document were created and verified in a lab environment, and all the devices started with the factory default configuration. If you are working in a live network, make sure you understand the potential impact of every command on your network. Feature overview NetStream is an accounting technology that provides statistics on a per-flow basis. A flow is identified by the following elements: source IP address, destination IP address, source port number, destination port number, protocol number, ToS, and inbound or outbound interface. NetStream provides the statistics for different flows. A typical NetStream system comprises the following parts: NetStream data exporter (NDE) An H3C SecBlade NetStream card (NS card) with NetStream configured acts as an NDE. It analyzes traffic flows that pass through it, collects necessary data from the target flows, and exports the data to the NSC. Before exporting data, the NDE might perform processes on the data, such as aggregation. NetStream collector (NSC) The NSC parses the packets received from the NDE, stores the statistics to the database, and then filters and aggregates the total received data for the NDA. NetStream data analyzer (NDA) The NDA collects statistics from the NSC, performs further process, and generates various types of reports for applications of traffic billing, network planning. H3C IMC-NTA, which supports both NSC and NDA, gathers the data from the NS card and generates reports. Configurations for NetStream involve configurations for the switch, the NS card, and IMC-NTA. The NS card can be installed on the H3C S7500E, S9500E, and S12500 switch. This document uses S7500E as an example, and explains the NS card configuration differences between the S7500E switches and S9500E/S12500 switches. Application scenarios NetStream provides statistics about network traffic flows, and it can be deployed on access, distribution, and core layers. Configuration considerations Configure S7500E to mirror the traffic accounted by NetStream to the 10-GE interface connecting the NS card. Configure the NS card to account the traffic copied to the interface Ten-GigabitEthernet 0/0 and send it to the NSC for analyzing. 1
4 Configure protocol-port aggregation. (Optional.) Configure sampling. (Optional.) Configure the traffic analysis service on the NSC server (IMC-NTA) to account the traffic statistics received from the NS card. IPv4 NetStream configuration example Network requirements As shown in Figure 1, install an NS card in slot 4 of the switch to collect statistics on packets passing through it, and mirror the intranet-to-extranet traffic from source IP addresses belonging to the subnet /16 to the NS card for flow analyzing. GigabitEthernet 2/0/1 and GigabitEthernet 2/0/2 on the switch are access ports, and belong to VLAN 10 (the intranet VLAN) and VLAN 20 (the extranet VLAN), respectively. Ten-GigabitEthernet 4/0/1 on the switch is a trunk port and allows packets from all VLANs to pass through. Configure traffic mirroring on GigabitEthernet 2/0/1 to mirror the incoming traffic to Ten-GigabitEthernet 4/0/1. Enable NetStream on Ten-GigabitEthernet 0/0 on the NS card. The statistics on the NS card are sent out of the management interface GigabitEthernet 0/1 to the NSC for analyzing. Figure 1 Network diagram Configuration procedures Configuration procedures without NetStream sampling enabled Configuring S7500E Create VLAN10 and VLAN20, and assign GigabitEthernet 2/0/1 and GigabitEthernet 2/0/2 to VLAN 10 and VLAN 20, respectively. <Sysname> system-view 2
5 [Sysname] vlan 10 [Sysname-vlan10] port GigabitEthernet 2/0/1 [Sysname-vlan10] vlan 20 [Sysname-vlan20] port GigabitEthernet 2/0/2 [Sysname-vlan20] quit Create VLAN-interface 10, and assign an IP address to the VLAN-interface. [Sysname]interface Vlan-interface 10 [Sysname-Vlan-interface10] ip address [Sysname-Vlan-interface10]quit [Sysname]interface Vlan-interface 20 [Sysname-Vlan-interface20] ip address [Sysname-Vlan-interface20]quit Configure Ten-GigabitEthernet 4/0/1 as a trunk port, and configure the port to allow packets from VLAN 10 and VLAN 20 to pass through. [Sysname] interface Ten-GigabitEthernet4/0/1 [Sysname-Ten-GigabitEthernet4/0/1] port link-type trunk [Sysname-Ten-GigabitEthernet4/0/1] port trunk permit vlan [Sysname-Ten-GigabitEthernet4/0/1] quit Create ACL 2000 for traffic classification and flitering. [Sysname] acl number 2000 [Sysname-basic-acl-2000] rule 0 permit source [Sysname-basic-acl-2000] quit Create class 1, and use ACL 2000 as the match criterion. [Sysname] traffic classifier 1 [Sysname-classifier-1] if-match acl 2000 [Sysname-classifier-1] quit Create traffic behavior 1, and configure the action of mirroring traffic to Ten-GigabitEthernet 4/0/1 for the traffic behavior. [Sysname] traffic behavior 1 [Sysname-behavior-1] mirror-to interface Ten-GigabitEthernet 4/0/1 [Sysname-behavior-1] quit Create QoS policy 1, and associate traffic class 1 with the traffic behavior 1 in QoS policy 1. [Sysname] qos policy 1 [Sysname-qospolicy-1] classifier 1 behavior 1 [Sysname-qospolicy-1] quit Apply QoS policy 1 to the incoming traffic of the interface GigabitEthernet 2/0/1. [Sysname] interface GigabitEthernet 2/0/1 [Sysname-GigabitEthernet2/0/1] qos apply policy 1 inbound [Sysname-GigabitEthernet2/0/1] quit Enable ACSEI server for the NS card to synchronize the MPU's clock on the switch. [Sysname] acsei server enable Configuring the NS card Configure Ten-GigabitEthernet 0/0 as a trunk port, and configure the port to allow packets from VLAN 10 and VLAN 20 to pass through. <Sysname> system-view 3
6 [Sysname] interface Ten-GigabitEthernet0/0 [Sysname-Ten-GigabitEthernet0/0] port link-type trunk [Sysname-Ten-GigabitEthernet0/0] port trunk permit vlan [Sysname-Ten-GigabitEthernet0/0] quit Create a blackhole-type inline forwarding entry 1. [Sysname] inline-interfaces 1 blackhole Assign Ten-GigabitEthernet 0/0 to the blackhole-type inline forwarding entry 1 for discarding the packets when they are received and processed. [Sysname] interface Ten-GigabitEthernet0/0 [Sysname-Ten-GigabitEthernet0/0] port inline-interfaces 1 Enable NetStream for incoming traffic on Ten-GigabitEthernet 0/0. [Sysname-Ten-GigabitEthernet0/0] ip netstream inbound Enable ACSEI client on Ten-GigabitEthernet 0/0 to synchronize the MPU's clock on the switch. [Sysname-Ten-GigabitEthernet0/0] acsei-client enable [Sysname-Ten-GigabitEthernet0/0] quit Set the destination address for NetStream data export with a destination UDP port. (The destination UDP port number can be 9020, 9021, or 6343.) [Sysname] ip netstream export host Set the aging timers for active flows and inactive flows. (Optional. You can just use the default settings or set the two timers at the same time. Flows age out when either aging timer is reached. The time resolution is 10 seconds.) [Sysname] ip netstream timeout active 1 [Sysname] ip netstream timeout inactive 10 Assign an IP address to GigabitEthernet 0/1, and use the interface to send the traffic statistics to the NSC server. [Sysname] interface GigabitEthernet 0/1 [Sysname-GigabitEthernet0/1] ip address [Sysname-GigabitEthernet0/1] quit Configure a static route destined for the NSC server. [Sysname] ip route-static Configure SNMP parameters for connecting the NSC server (IMC-NTA). [Sysname] snmp-agent community read public [Sysname] snmp-agent community write private [Sysname] snmp-agent sys-info version all Configuring NSC server (IMC-NTA) 1. Log in to the Web page of IMC-NTA. Open a browser (IE, for example), and enter the server address (for example, to enter the login page of IMC-NTA. 4
7 Figure 2 IMC-NTA login page 2. Enter the imc homepage. On the imc login page, enter the default username admin and password admin, and then click Login. 3. Add a monitor: a. On the imc homepage, click the Service tab. The service configuration page appears. Figure 3 Service configuration page 5
8 b. Select Traffic Analysis and Audit > Settings from the navigation tree. The setting page for IMC-NTA appears. Figure 4 Setting page for IMC-NTA c. Click the Device Management link in the Guide to Quick Traffic Analysis And Audit Configuration area to enter the Device Management page. Figure 5 Device management page d. Click Add to enter the Add Device page. 6
9 Figure 6 Adding device e. Select a device in one of the following ways: From the device list Click Select. Select the device required from the dialogue box, and then click Add. Manually adding a device Enter in the Device IP area and the device's name in the Name area. (The device IP is the address of the interface GigabitEthernet 0/1 on the NS card connecting the NSC server.) The device can be the one managed or not managed by the system. f. Configure an SNMP community and an SNMP port. An SNMP community is a read-only community. The default SNMP community for IMC-NTA is public. Enter the SNMP community based on the NS card configurations. Keep the default settings for SNMP community and SNMP port here. g. Configure the source IP for sending logs. When imc cannot obtain information about an interface through SNMP, the source IP for sending logs should be configured. It is the IP address for the interface sending logs. Enter the IP address for GigabitEthernet 0/1 here. h. Select validity for the NetStream statistics identifier. The statistics attribute, 0 or 1, for NetStream V5, identifies the way to collect traffic statistics. When the statistics identifier is valid, 0 means collecting the traffic statistics based on the input interface or VLAN, and 1 means based on the output interface or VLAN. When the statistics identifier is invalid, 0 and 1 both mean collecting the traffic statistics based on the input interface or VLAN and the output interface or VLAN. Select Valid from the NetStream Statistics Identifier list here. i. Select support for NetStream New Feature: NetStream new feature mainly includes the traffic sampling feature for Comware V5. Select the default Enable for the option here. j. Click OK. 7
10 Figure 7 Adding a device 4. Modify configurations on the NSC server, and add the data analyzer server to be monitored to the corresponding NSC server: a. Click the Server Management link in the Settings area to enter the Server List page. Figure 8 Server list page b. Click the Modify icon for a server in the Server List to enter the Server Configuration page. 8
11 Figure 9 Server configuration page c. Use the default settings of the options in the Basic Information area. d. In the Traffic Analysis area, select the monitoring device in the Device Information list. Click Deploy. 5. Add traffic analysis task: a. Click the Traffic Analysis Task Management link in the Guide to Quick Traffic Analysis And Audit Configuration area to enter the Traffic Analysis Task List page. Figure 10 Traffic analysis task list page 9
12 b. Click Add to enter the Select Task Type page. Figure 11 Selecting task type c. Select Interface, and click Next to enter the Add Traffic Analysis Task page. 10
13 Figure 12 Adding traffic analysis task d. Enter SecBladeNS in the Task Name field. e. Select the NSC server to which the device belongs. Enter here. f. Click Select in the Interface Information area to enter the page for adding interfaces. Select interface Ten-GigabitEthernet0/0, and click OK. Figure 13 Interface information page g. On the Add Traffic Analysis Task page, click OK. 11
14 Figure 14 Completing adding traffic analysis task Verifying the configuration Connect port-a and port-b of Smartbits to GigabitEthernet 2/0/1 and GigabitEthernet 2/0/2 on the S7500E switch, respectively. Port-a sends UDP packets with the source IP and destination IP Port-b sends UDP packets with the source IP and destination IP View the following information through IMC-NTA: Whole statistics on all traffic analysis tasks Click the Service tab to enter the service configuration page. Select Traffic Analysis and Audit > Interface Traffic Analysis Task from the navigation tree. Figure 15 Interface traffic analysis task page 12
15 You can view the whole statistics on all traffic analysis tasks, including average rate and summary list. Figure 16 Whole statistics on all traffic analysis tasks Whole statistics on all interfaces for a traffic analysis task Select Traffic Analysis and Audit > Interface Traffic Analysis Task from the navigation tree, and click SecBlade NS. Figure 17 SecBlade NS You can view the whole statistics on all interfaces for the traffic analysis task, including information about traffic, application, source host, destination host, and sessions. "Traffic" includes pages for traffic trend, flux distribution in interface, and traffic details. 13
16 Figure 18 Traffic trend Figure 19 Flux distribution in interface Figure 20 Traffic details "Application" displays information about the application layer traffic, and includes pages for application list and application traffic trend. 14
17 Figure 21 Application list and application traffic trend "Source host" displays traffic information based on IP address for the source host. Figure 22 Traffic information for source host "Destination host" displays information based on IP address for the destination host. 15
18 Figure 23 Traffic information for destination host "Session" displays traffic information based on sessions. Figure 24 Traffic information for session host Statistics on an interface for a traffic analysis task Select Traffic Analysis and Audit > Interface Traffic Analysis Task from the navigation tree, and click the Ten-GigabitEthernet0/0 Interface link under the traffic analysis task SecBlade NS to view the statistics on the interface. 16
19 Figure 25 Ten-GigabitEthernet 0/0 Complete configuration You can view the same information about traffic, application, source host, destination host, and session host as the traffic analysis task information. Therefore, it is not described here. 1. S7500E: acsei server enable acl number 2000 rule 0 permit source vlan 10 vlan 20 traffic classifier 1 operator and if-match acl 2000 traffic behavior 1 mirror-to interface Ten-GigabitEthernet4/0/1 qos policy 1 classifier 1 behavior 1 interface Vlan-interface10 ip address interface Vlan-interface20 17
20 ip address interface GigabitEthernet2/0/1 port link-mode bridge port access vlan 10 qos apply policy 1 inbound interface GigabitEthernet2/0/2 port link-mode bridge port access vlan 20 interface Ten-GigabitEthernet4/0/1 port link-mode bridge port link-type trunk port trunk permit vlan NS card: telnet server enable inline-interfaces 1 blackhole vlan 10 vlan 20 interface GigabitEthernet0/1 port link-mode route ip address interface Ten-GigabitEthernet0/0 port link-mode bridge port link-type trunk port trunk permit vlan ip netstream inbound port inline-interfaces 1 acsei-client enable ip route-static snmp-agent snmp-agent local-engineid A D6295F38 snmp-agent community read public snmp-agent community write private snmp-agent sys-info version all ip netstream timeout active 1 ip netstream timeout inactive 10 18
21 ip netstream export host user-interface con 0 user-interface aux 0 user-interface vty 0 4 authentication-mode scheme Configuration procedures with NetStream sampling enabled Sampling selects one packet from a fixed number of packets to the NSC for analyzing. The following sampling modes are available: fixed and random. NetStream supports the fixed mode, which selects the first packet from among sequential packets in each sampling for analyzing. The sampling feature of S7500E+NS system is implemented by the NS card for the S7500E swithes do not support sampling. Configuring S7503E The configurations with sampling enabled are the same as those without sampling enabled. Therefore, they are not be decribed here. Configuring the NS card Configure Ten-GigabitEthernet 0/0 as a trunk port, and configure the port to allow packets from VLAN 10 and VLAN 20 to pass through. <Sysname> system-view [Sysname] interface Ten-GigabitEthernet0/0 [Sysname-Ten-GigabitEthernet0/0] port link-type trunk [Sysname-Ten-GigabitEthernet0/0] port trunk permit vlan [Sysname-Ten-GigabitEthernet0/0] quit Create a blackhole-type inline forwarding entry 1. [Sysname] inline-interfaces 1 blackhole Assign Ten-GigabitEthernet 0/0 to the blackhole-type inline forwarding entry 1 for discarding the packets when they are received and processed. [Sysname] interface Ten-GigabitEthernet0/0 [Sysname-Ten-GigabitEthernet0/0] port inline-interfaces 1 Enable NetStream for incoming traffic on Ten-GigabitEthernet 0/0. [Sysname-Ten-GigabitEthernet0/0] ip netstream inbound Enable ACSEI client on Ten-GigabitEthernet 0/0 to synchronize the MPU's clock on the switch. [Sysname-Ten-GigabitEthernet0/0] acsei-client enable [Sysname-Ten-GigabitEthernet0/0] quit Enable NetStream sampling on the NS card. (Enabled by default.) [Sysname] ip netstream sample enable Create a fixed sampler with the name fix-16 and the sampling interval 4, which means sampling one out of 2 4 packets. [Sysname] sampler fix-16 mode fixed packet-interval 4 Enable NetStream sampling in the inbound direction of Ten-GigabitEthernet 0/0 by referencing sampler fix-16. [Sysname] interface Ten-GigabitEthernet 0/0 19
22 [Sysname-Ten-GigabitEthernet0/0] ip netstream sampler fix-16 inbound [Sysname-Ten-GigabitEthernet0/0] quit Set the destination address for NetStream data export with a destination UDP port. (The destination UDP port number can be port 9020, 9021 or 6343.) [Sysname] ip netstream export host Set the aging timers for active and inactive flows. (Optional. You can use the default settings or set the two timers at the same time. Flows age out when either aging timer is reached. The time resolution is 10 seconds.) [Sysname] ip netstream timeout active 1 [Sysname] ip netstream timeout inactive 10 Assign an IP address to GigabitEthernet 0/1, and use the interface to send the traffic statistics to the NSC server. [Sysname-GigabitEthernet0/1] ip address [Sysname-GigabitEthernet0/1] quit Configure a static route destined for the NSC server. [Sysname] ip route-static Configure SNMP parameters for connecting the NSC server (IMC-NTA). [Sysname] snmp-agent community read public [Sysname] snmp-agent community write private [Sysname] snmp-agent sys-info version all Configuring NSC server (IMC-NTA) Select Enable for the NetStream New Feature option. Then the server supports the traffic sampling feature of Comware V5. Other configurations are the same as the configurations on the NSC server (IMC-NTA) without NetStream sampling enabled. Therefore, they are not described here. Verifying the configuration Connect port-a and port-b of Smartbits to GigabitEthernet 2/0/1 and GigabitEthernet 2/0/2 on the S7500E switch, respectively. Port-a sends UDP packets with the source IP and destination IP Port-b sends UDP packets with the source IP and destination IP View the information about traffic analysis through IMC-NTA. They are not described here. See "Configuration procedures without NetStream sampling enabled." Complete configuration 1. S7500E: acsei server enable acl number 2000 rule 0 permit source vlan 10 20
23 vlan 20 traffic classifier 1 operator and if-match acl 2000 traffic behavior 1 mirror-to interface Ten-GigabitEthernet4/0/1 qos policy 1 classifier 1 behavior 1 interface Vlan-interface10 ip address interface Vlan-interface20 ip address interface GigabitEthernet2/0/1 port link-mode bridge port access vlan 10 qos apply policy 1 inbound interface GigabitEthernet2/0/2 port link-mode bridge port access vlan 20 interface Ten-GigabitEthernet4/0/1 port link-mode bridge port link-type trunk port trunk permit vlan NS card: sampler fix-16 mode fixed packet-interval 4 telnet server enable inline-interfaces 1 blackhole vlan 10 vlan 20 interface GigabitEthernet0/1 port link-mode route ip address interface Ten-GigabitEthernet0/0 21
24 port link-mode bridge port link-type trunk port trunk permit vlan ip netstream inbound ip netstream sampler fix-16 inbound port inline-interfaces 1 acsei-client enable ip route-static snmp-agent snmp-agent local-engineid A D6295F38 snmp-agent community read public snmp-agent community write private snmp-agent sys-info version all ip netstream timeout active 1 ip netstream timeout inactive 10 ip netstream export host user-interface con 0 user-interface aux 0 user-interface vty 0 4 authentication-mode scheme Configuration guidelines S9500E + NetStream and S NetStream implement the configurations of traffic sampling. Both the S9500E switches and S12500 switches support the mirroring and sampling features, so sampling is implemented on the switch side. Disable sampling on the NS card (enabled by default), and configure a sampler with the same sampling interval as the switch. Apply the sampler to the Ten-GigabitEthernet interface for sampling. The following describes the configuration differences between S9500E + NetStream and S7500E + NetStream. Configurations on S NetStream are the same as those on S9500E+ NetStream. Therefore, they are not described here. Configuring the S9500E switch: Create a fixed sampler with the name fix-16 and the sampling interval 4, which means sampling one out of 2 4 packets. [Sysname] sampler fix-16 mode fixed packet-interval 4 Configure local mirroring group 1 to reference the sampler. Apply the sampler to the incoming traffic of GigabitEthernet 2/0/1 for sampling. Mirror the sampled traffic to Ten-GigabitEthernet 1/0/1 connecting the NS card. [Sysname] mirroring-group 1 local sampler fix-16 [Sysname] interface GigabitEthernet 2/0/1 [Sysname-GigabitEthernet2/0/1] mirroring-group 1 mirroring-port inbound [Sysname-GigabitEthernet2/0/1] quit [Sysname] interface Ten-GigabitEthernet 1/0/1 [Sysname-Ten-GigabitEthernet0/0] mirroring-group 1 monitor-port [Sysname-Ten-GigabitEthernet0/0] quit 22
25 Configuring the NS card: Create a sampler with the same mode and same sampling interval as the S9500E switch (the sampling mode fixed, the sampling interval 4). [Sysname] sampler fix-16 mode fixed packet-interval 4 Apply the sampler to the incoming traffic of Ten-GigabitEthernet 0/0 for reporting the statistics to the NSC server. [Sysname] interface Ten-GigabitEthernet 0/0 [Sysname-Ten-GigabitEthernet0/0] ip netstream sampler fix-16 inbound [Sysname-Ten-GigabitEthernet0/0] quit Disable NetStream sampling on the NS card. [Sysname] undo ip netstream sample enable IPv6 NetStream configuration example Network requirements As shown in Figure 26, install an NS card in slot 4 of the switch to collect statistics on IPv6 packets passing through it. The intranet-to-extranet traffic from source IP addresses belonging to the subnet 10:1::0/96 are mirrored to the NS card for flow analyzing. GigabitEthernet 2/0/1 and GigabitEthernet 2/0/2 on the switch are access ports, and belong to VLAN 10 (the intranet VLAN) and VLAN 20 (the extranet VLAN), respectively. Ten-GigabitEthernet 4/0/1 on the switch is a trunk port, and allows packets from all VLANs to pass through. Configure traffic mirroring on GigabitEthernet 2/0/1 to mirror the incoming traffic to Ten-GigabitEthernet 4/0/1. Enable NetStream on Ten-GigabitEthernet 0/0 on the NS card. The statistics on the NS card are sent out of the management interface GigabitEthernet 0/1 to the NSC for analyzing. Figure 26 Network diagram 23
26 Configuration procedures Configuring S7500E Enable IPv6 on the switch. <Sysname> system-view [Sysname] ipv6 Create VLAN10 and VLAN20, and assign GigabitEthernet 2/0/1 and GigabitEthernet 2/0/2 to VLAN 10 and VLAN 20, respectively. [Sysname] vlan 10 [Sysname-vlan10] port GigabitEthernet 2/0/1 [Sysname-vlan10] vlan 20 [Sysname-vlan20] port GigabitEthernet 2/0/2 [Sysname] quit Create VLAN-interface 10, and assign an IPv6 address to the VLAN-interface. [Sysname] interface Vlan-interface 10 [Sysname-Vlan-interface10] ipv6 address 10:1::1/96 [Sysname-Vlan-interface10] quit [Sysname] interface Vlan-interface 20 [Sysname-Vlan-interface20] ipv6 address 20:1::1/96 [Sysname-Vlan-interface20] quit Configure Ten-GigabitEthernet 4/0/1 as a trunk port, and configure the port to allow packets from VLAN 10 and VLAN 20 to pass through. [Sysname] interface Ten-GigabitEthernet4/0/1 [Sysname-Ten-GigabitEthernet4/0/1] port link-type trunk [Sysname-Ten-GigabitEthernet4/0/1] port trunk permit vlan [Sysname-Ten-GigabitEthernet4/0/1] quit Create IPv6 basic ACL 2000 for traffic classification and flitering. [Sysname] acl ipv6 number 2000 [Sysname-acl6-basic-2000] rule 0 permit source 10:1::/96 [Sysname-acl6-basic-2000] quit Create class 1, and use IPv6 basic ACL 2000 as the match criterion of the class. [Sysname] traffic classifier 1 [Sysname-classifier-1] if-match acl ipv Create traffic behavior 1, and configure the action of mirroring traffic to Ten-GigabitEthernet 4/0/1 for the traffic behavior. [Sysname] traffic behavior 1 [Sysname-behavior-1] mirror-to interface Ten-GigabitEthernet 4/0/1 Define QoS policy 1, and associate traffic class 1 with the traffic behavior 1 in QoS policy 1. [Sysname] qos policy 1 [Sysname-qospolicy-1] classifier 1 behavior 1 Apply QoS policy 1 to the incoming traffic of the interface GigabitEthernet 2/0/1. [Sysname] interface GigabitEthernet 2/0/1 [Sysname-GigabitEthernet2/0/1] qos apply policy 1 inbound 24
27 Enable ACSEI server for the NS card to synchronize the MPU's clock on the switch. [Sysname]acsei server enable Configuring the NS card Enable IPv6. <Sysname> system-view [Sysname] ipv6 Configure Ten-GigabitEthernet 0/0 as a trunk port, and configure the port to allow packets from VLAN 10 and VLAN 20 to pass through. [Sysname] interface Ten-GigabitEthernet0/0 [Sysname-Ten-GigabitEthernet0/0] port link-type trunk [Sysname-Ten-GigabitEthernet0/0] port trunk permit vlan [Sysname-Ten-GigabitEthernet0/0] quit Create a blackhole-type inline forwarding entry 1. [Sysname] inline-interfaces 1 blackhole Assign Ten-GigabitEthernet 0/0 to the blackhole-type inline forwarding entry 1 for discarding the packets when they are received and processed. [Sysname] interface Ten-GigabitEthernet0/0 [Sysname-Ten-GigabitEthernet0/0] port inline-interfaces 1 Enable IPv6 NetStream for incoming traffic on Ten-GigabitEthernet 0/0. [Sysname-Ten-GigabitEthernet0/0] ipv6 netstream inbound Enable ACSEI client on Ten-GigabitEthernet 0/0 to synchronize the MPU's clock on the switch. [Sysname-Ten-GigabitEthernet0/0] acsei-client enable [Sysname-GigabitEthernet0/0] quit Set the destination address for NetStream data export with a destination UDP port. (The destination UDP port number can be port 9020, 9021 or 6343.) [Sysname]ipv6 netstream export host Set the aging timers for active flows and inactive flows. (Optional. You can use the default settings or set the two timers at the same time. Flows age out when either aging timer is reached. The time resolution is 10 seconds.) [Sysname] ipv6 netstream timeout active 1 [Sysname] ipv6 netstream timeout inactive 10 Assign an IP address to GigabitEthernet 0/1, and use the interface to send the traffic statistics to the NSC server. [Sysname] interface GigabitEthernet 0/1 [Sysname-GigabitEthernet0/1] ip address [Sysname-GigabitEthernet0/1] quit Configure a static route destined for the NSC server. [Sysname] ip route-static Configure SNMP parameters for connecting the NSC server (IMC-NTA). [Sysname] snmp-agent community read public [Sysname] snmp-agent community write private [Sysname] snmp-agent sys-info version all 25
28 Configuring NSC server (IMC-NTA) For the IMC-NTA server, configurations for IPv6 traffic analysis tasks are the same as IPv4 traffic analysis tasks. Therefore, they are not described here. See "Configuring NSC server (IMC-NTA)." Verifying the configuration Connect port-a and port-b of Smartbits to GigabitEthernet 2/0/1 and Gigabit Ethernet 2/0/2 on the S7500E switch, respectively. Port-a sends UDP packets with the source IP 10:1::2 and destination IP 20.1::2. View the following information through IMC-NTA: Whole statistics on all traffic analysis tasks Click the Service tab, and select Traffic Analysis and Audit > Interface Traffic Analysis Task from the navigation tree to view the whole statistics on all traffic analysis tasks, including average rate and summary list. Figure 27 Average rate Figure 28 Summary list Whole statistics on all interfaces for a traffic analysis task Select Traffic Analysis and Audit > SecBlade NS to view the whole statistics on all interfaces for a traffic analysis task, including information about traffic, application, source host, destination host, and sessions. "Traffic" includes pages for traffic trend, flux distribution in interface, and traffic details. 26
29 Figure 29 Traffic trend Figure 30 Traffic details "Application" displays information about the application layer traffic, and includes pages for application list and application traffic trend. Figure 31 Application list 27
30 "Source host" displays traffic information based on IP address for the source host. Figure 32 Traffic information for source host "Destination host" displays information based on IP address for the destination host. Figure 33 Traffic information for destination host "Session" displays traffic information based on sessions. 28
31 Figure 34 Traffic information for session host Statistics on every host for a traffic analysis task Complete configuration Select the interface on the SecBlade NS list to view the corresponding statistics on that interface. You can view the same information about traffic, application, source host, destination host and session host as the traffic analysis task information. Therefore, it is not described and illustrated here. 1. S7500E: ipv6 acsei server enable acl ipv6 number 2000 rule 0 permit source 10:1::/96 vlan 10 vlan 20 traffic classifier 1 operator and if-match acl ipv traffic behavior 1 mirror-to interface Ten-GigabitEthernet4/0/1 qos policy 1 classifier 1 behavior 1 29
32 interface Vlan-interface10 ipv6 address 10:1::1/96 interface Vlan-interface20 ipv6 address 20:1::1/96 interface GigabitEthernet2/0/1 port link-mode bridge port access vlan 10 qos apply policy 1 inbound interface GigabitEthernet2/0/2 port link-mode bridge port access vlan 20 interface Ten-GigabitEthernet4/0/1 port link-mode bridge port link-type trunk port trunk permit vlan NS card: ipv6 telnet server enable inline-interfaces 1 blackhole vlan 10 vlan 20 interface GigabitEthernet0/1 port link-mode route ip address interface Ten-GigabitEthernet0/0 port link-mode bridge port link-type trunk port trunk permit vlan ipv6 netstream inbound port inline-interfaces 1 acsei-client enable ip route-static snmp-agent 30
33 snmp-agent local-engineid A D6295F38 snmp-agent community read public snmp-agent community write private snmp-agent sys-info version all ipv6 netstream timeout active 1 ipv6 netstream timeout inactive 10 ipv6 netstream export host user-interface con 0 user-interface aux 0 user-interface vty 0 4 authentication-mode scheme Related documentation H3C SecBlade NetStream Card Configuration Guide H3C SecBlade NetStream Card Command Reference 31
HPE IMC NTA MPLS VPN Traffic Analysis Configuration Examples
HPE IMC NTA MPLS VPN Traffic Analysis Configuration Examples Part number: 5200-1404 Software version: IMC NTA 7.2 (E0401) The information in this document is subject to change without notice. Copyright
More informationH3C Firewall and UTM Devices Log Management with IMC Firewall Manager Configuration Examples (Comware V5)
H3C Firewall and UTM Devices Log Management with IMC Firewall Manager Configuration Examples (Comware V5) Copyright 2015 Hangzhou H3C Technologies Co., Ltd. All rights reserved. No part of this manual
More informationH3C S12500 sflow Configuration Examples
H3C S12500 sflow Configuration Examples Copyright 2013 Hangzhou H3C Technologies Co., Ltd. All rights reserved. No part of this manual may be reproduced or transmitted in any form or by any means without
More informationSecBlade Firewall Cards Attack Protection Configuration Example
SecBlade Firewall Cards Attack Protection Configuration Example Keywords: Attack protection, scanning, blacklist Abstract: This document describes the attack protection functions of the SecBlade firewall
More informationSecBlade Firewall Cards NAT Configuration Examples
SecBlade Firewall Cards NAT Configuration Examples Keywords: NAT, PAT, private IP address, public IP address, IP address pool Abstract: This document describes the characteristics, applications scenarios,
More informationSecBlade Firewall Cards Stateful Failover Configuration Examples
SecBlade Firewall Cards Stateful Failover Configuration Examples Keywords: Stateful failover, active/standby mode, active/active mode, data synchronization, traffic switchover Abstract: A network that
More informationSecBlade Firewall Cards ARP Attack Protection Configuration Examples
SecBlade Firewall Cards ARP Attack Protection Configuration Examples Keywords: ARP Abstract: ARP provides no security mechanism and can be easily utilized by attackers to launch attacks. The device provides
More informationH3C S12500 VLAN Configuration examples
H3C S12500 VLAN Configuration examples Copyright 2014 Hangzhou H3C Technologies Co., Ltd. All rights reserved. No part of this manual may be reproduced or transmitted in any form or by any means without
More informationH3C S12500 Unauthorized DHCP Server Detection Configuration Examples
H3C S12500 Unauthorized DHCP Server Detection Configuration Examples Copyright 2013 Hangzhou H3C Technologies Co., Ltd. All rights reserved. No part of this manual may be reproduced or transmitted in any
More informationCommand Manual MAC Address Table Management H3C S5500-EI Series Ethernet Switches. Table of Contents
Table of Contents Table of Contents... 1-1 1.1 MAC Address Table Management... 1-1 1.1.1 display mac-address... 1-1 1.1.2 display mac-address aging-time... 1-2 1.1.3 mac-address (Ethernet port view)...
More informationSecBlade Firewall Cards Log Management and SecCenter Configuration Example
SecBlade Firewall Cards Log Management and SecCenter Configuration Example Keywords: Syslog Abstract: This document describes the log management function of SecBlade firewall cards, and presents configuration
More informationLogging in through SNMP from an NMS 22 Overview 22 Configuring SNMP agent 22 NMS login example 24
Contents Logging in to the CLI 1 Login methods 1 Logging in through the console or AUX port 2 Introduction 2 Configuration procedure 2 Logging in through Telnet 6 Introduction 6 Logging in to the switch
More informationH3C SecBlade IPS Cards
H3C SecBlade IPS Cards User Manual Hangzhou H3C Technologies Co., Ltd. http://www.h3c.com Document version: 5PW104-20101210 Copyright 2008-2010, Hangzhou H3C Technologies Co., Ltd. and its licensors All
More informationH3C S10500 OpenFlow Configuration Examples
H3C S10500 OpenFlow Configuration Examples Copyright 2015 Hangzhou H3C Technologies Co., Ltd. All rights reserved. No part of this manual may be reproduced or transmitted in any form or by any means without
More informationUser FAQ for H3C Security Products
User FAQ for H3C Security Products Copyright 2012 Hangzhou H3C Technologies Co., Ltd. All rights reserved. No part of this manual may be reproduced or transmitted in any form or by any means without prior
More informationHP 5820X & 5800 Switch Series Network Management and Monitoring. Configuration Guide. Abstract
HP 5820X & 5800 Switch Series Network Management and Monitoring Configuration Guide Abstract This document describes the software features for the HP 5820X & 5800 Series products and guides you through
More informationH3C S5130-EI Switch Series
H3C S5130-EI Switch Series OpenFlow Command Reference New H3C Technologies Co., Ltd. http://www.h3c.com Software version: Release 311x Document version: 6W102-20180323 Copyright 2016-2018, New H3C Technologies
More informationAccess Control List Enhancements on the Cisco Series Router
Access Control List Enhancements on the Cisco 12000 Series Router Part Number, May 30, 2008 The Cisco 12000 series router filters IP packets using access control lists (ACLs) as a fundamental security
More informationTable of Contents 1 QinQ Configuration 1-1
Table of Contents 1 QinQ Configuration 1-1 Introduction to QinQ 1-1 Background 1-1 QinQ Mechanism and Benefits 1-1 QinQ Frame Structure 1-2 Implementations of QinQ 1-3 Modification of the TPID Value in
More informationLogin management commands
Contents Login management commands 1 CLI login configuration commands 1 display telnet client configuration 1 telnet 1 telnet ipv6 2 telnet server enable 3 User interface configuration commands 3 acl (user
More informationH3C SecPath Series High-End Firewalls
H3C SecPath Series High-End Firewalls NAT and ALG Configuration Guide Hangzhou H3C Technologies Co., Ltd. http://www.h3c.com Software version: SECPATHF1000SAI&F1000AEI&F1000ESI-CMW520-R3721 SECPATH5000FA-CMW520-F3210
More informationH3C S7500E Switch Series
H3C S7500E Switch Series Comware 7 EVB Configuration Guide New H3C Technologies Co., Ltd. http://www.h3c.com.hk Software version: Release 7557 and later versions Document version: 6W100-20170831 Copyright
More informationH3C S9800 Switch Series
H3C S9800 Switch Series OpenFlow Configuration Guide Hangzhou H3C Technologies Co., Ltd. http://www.h3c.com Software version: Release 213x Document version: 6W101-20151130 Copyright 2015, Hangzhou H3C
More informationH3C S7500E-X OSPF Configuration Examples
H3C S7500E-X OSPF Configuration Examples Copyright 2015 Hangzhou H3C Technologies Co., Ltd. All rights reserved. No part of this manual may be reproduced or transmitted in any form or by any means without
More informationHP High-End Firewalls
HP High-End Firewalls Access Control Configuration Guide Part number: 5998-2648 Software version: F1000-A-EI&F1000-S-EI: R3721 F5000: F3210 F1000-E: F3171 Firewall module: F3171 Document version: 6PW101-20120719
More informationH3C SecPath Series High-End Firewalls
H3C SecPath Series High-End Firewalls NAT and ALG Command Reference Hangzhou H3C Technologies Co., Ltd. http://www.h3c.com Software version: SECPATH1000FE&SECBLADEII-CMW520-R3166 SECPATH5000FA-CMW520-R3206
More informationMonitor Commands. monitor session source, page 2 monitor session destination, page 4
monitor session source, page 2 monitor session destination, page 4 1 monitor session source monitor session source To create a SPAN or RSPAN source session, use the monitor session source command in switch
More informationHPE IMC NTA/UBA Cisco Network Traffic Monitoring Through NetFlow Configuration Examples
HPE IMC NTA/UBA Cisco Network Traffic Monitoring Through NetFlow Configuration Examples Part number: 5200-4121 Software version: IMC NTA 7.3 (E0503) Software version: IMC UBA 7.3 (E0503) The information
More informationH3C SR6600/SR6600-X Routers
H3C SR6600/SR6600-X Routers Network Management and Monitoring Command Reference Hangzhou H3C Technologies Co., Ltd. http://www.h3c.com Software version: SR6600X-CMW520-R3103 SR6602-CMW520-R3103 SR6602X_MCP-CMW520-R3103
More informationInformation about Network Security with ACLs
This chapter describes how to configure network security on the switch by using access control lists (ACLs), which in commands and tables are also referred to as access lists. Finding Feature Information,
More informationH3C S5120-EI Switch Series
H3C S5120-EI Switch Series IP Multicast Command Reference Hangzhou H3C Technologies Co., Ltd. http://www.h3c.com Software version: Release 2210 Document version: 6W100-20110915 Copyright 2011, Hangzhou
More informationH3C S9500 Series Routing Switches
Command Manual Hangzhou H3C Technologies Co., Ltd. http://www.h3c.com Manual Version: T2-08194S-20081225-C-1.24 Product Version: S9500-CMW310-R1648 Copyright 2007-2008, Hangzhou H3C Technologies Co., Ltd.
More informationUser authentication configuration example 11 Command authorization configuration example 13 Command accounting configuration example 14
Contents Logging in to the CLI 1 Login methods 1 Logging in through the console or AUX port 2 Logging in through Telnet 5 Telnetting to the switch 5 Telnetting from the switch to another device 7 Logging
More informationH3C Firewall and UTM Devices L2TP VPN Virtual Firewall Configuration Examples (Comware V5)
H3C Firewall and UTM Devices L2TP VPN Virtual Firewall Configuration Examples (Comware V5) Copyright 2015 Hangzhou H3C Technologies Co., Ltd. All rights reserved. No part of this manual may be reproduced
More informationLoop detection commands 1
Contents Loop detection commands 1 display loopback-detection 1 loopback-detection action 1 loopback-detection enable 2 loopback-detection global action 3 loopback-detection global enable 4 loopback-detection
More informationH3C S7500E Series Ethernet Switches. Network Management and Monitoring. Configuration Guide. Hangzhou H3C Technologies Co., Ltd.
H3C S7500E Series Ethernet Switches Network Management and Monitoring Configuration Guide Hangzhou H3C Technologies Co., Ltd. http://www.h3c.com Document Version: 20100722-C-1.01 Product Version: Release
More informationUsing the Web Graphical User Interface
Prerequisites for Using the Web GUI, page 1 Information About Using The Web GUI, page 1 Connecting the Console Port of the Device, page 3 Logging On to the Web GUI, page 3 Enabling Web and Secure Web Modes,
More informationH3C MSR Router Series
H3C MSR Router Series Comware 7 OpenFlow Command Reference New H3C Technologies Co., Ltd. http://www.h3c.com Software version: MSR-CMW710-R0615P08 Document version: 6W201-20180803 Copyright 2017-2018,
More informationHP 5920 & 5900 Switch Series
HP 5920 & 5900 Switch Series Network Management and Monitoring Configuration Guide Part number: 5998-2900 Software version: Release 2210 Document version: 6W100-20131105 Legal and notice information Copyright
More informationH3C S5820X&S5800 Switch Series
H3C S5820X&S5800 Switch Series Network Management and Monitoring Configuration Guide Hangzhou H3C Technologies Co., Ltd. http://www.h3c.com Software version: Release 1211 Document version: 6W100-20110415
More informationCCNA Course Access Control Lists
CCNA Course Access Control Lists Access Control Lists (ACL) Traffic Filtering Permit or deny packets moving through router Permit or deny (VTY) access to or from a router Traffic Identifying for special
More informationContents. Configuring LLDP 2
Contents Configuring LLDP 2 Overview 2 Basic concepts 2 Working mechanism 8 Protocols and standards 9 LLDP configuration task list 9 Performing basic LLDP configurations 10 Enabling LLDP 10 Configuring
More informationDHCP H3C Low-End Ethernet Switches Configuration Examples. Table of Contents
DHCP Table of Contents Table of Contents Chapter 1 DHCP Functions Overview... 1-1 1.1 Supported DHCP Functions... 1-1 1.1.1 DHCP Functions Supported by the H3C Low-End Ethernet Switches... 1-1 1.2 Configuration
More informationConfiguring ARP attack protection 1
Contents Configuring ARP attack protection 1 ARP attack protection configuration task list 1 Configuring unresolvable IP attack protection 1 Configuring ARP source suppression 2 Configuring ARP blackhole
More informationH3C SecPath Series Firewalls and UTM Devices
H3C SecPath Series Firewalls and UTM Devices High Availability Command Reference Hangzhou H3C Technologies Co., Ltd. http://www.h3c.com Software version: F100 series: ESS 5132 F1000-A-EI: Feature 3722
More informationH3C S5500-HI Switch Series
H3C S5500-HI Switch Series Network Management and Monitoring Command Reference Hangzhou H3C Technologies Co., Ltd. http://www.h3c.com Software version: Release 52xx Document version: 6W102-20131220 Copyright
More informationTable of Contents 1 Port Mirroring Configuration 1-1
Table of Contents 1 Port Mirroring Configuration 1-1 Introduction to Port Mirroring 1-1 Classification of Port Mirroring 1-1 Implementing Port Mirroring 1-2 Other Functions Supported by Port Mirroring
More informationOperation Manual SNMP-RMON H3C S3610&S5510 Series Ethernet Switches. Table of Contents
Table of Contents Table of Contents... 1-1 1.1 SNMP Overview... 1-1 1.1.1 SNMP Mechanism... 1-1 1.1.2 SNMP Protocol Version... 1-2 1.1.3 MIB Overview... 1-2 1.2 SNMP Configuration... 1-2 1.3 Trap Configuration...
More informationTable of Contents 1 Commands for Access Controller Switch Interface Board 1-1
Table of Contents 1 Commands for Access Controller Switch Interface Board 1-1 Commands for Access Controller and Access Controller Switch Interface Board 1-1 acl (user interface view) 1-1 activation-key
More informationConfiguring ARP attack protection 1
Contents Configuring ARP attack protection 1 ARP attack protection configuration task list 1 Configuring unresolvable IP attack protection 1 Configuring ARP source suppression 2 Configuring ARP blackhole
More informationDPtech IPS2000 Series Intrusion Prevention System User Configuration Guide v1.0
DPtech IPS2000 Series Intrusion Prevention System User Configuration Guide v1.0 i Hangzhou DPtech Technologies Co., Ltd. provides full- range technical support. If you need any help, please contact Hangzhou
More informationDPX8000 Series Deep Service Switching Gateway User Configuration Guide BRAS Service Board Module v1.0
DPX8000 Series Deep Service Switching Gateway User Configuration Guide BRAS Service Board Module v1.0 i Hangzhou DPtech Technologies Co., Ltd. provides full- range technical support. If you need any help,
More informationHP 6125G & 6125G/XG Blade Switches
HP 6125G & 6125G/XG Blade Switches Network Management and Monitoring Configuration Guide Part number: 5998-3162b Software version: Release 2103 and later Document version: 6W103-20151020 Legal and notice
More informationConfiguring Devices for Flow Collection
This PDF is no longer being maintained. See the SolarWinds Success Center for more information. SolarWinds Technical Reference Configuring Devices for Flow Collection Introduction... 3 Cisco... 3 Cisco
More informationConverged Access CT 5760 AVC Deployment Guide, Cisco IOS XE Release 3.3
Converged Access CT 5760 AVC Deployment Guide, Cisco IOS XE Release 3.3 Last Updated: November, 2013 Introduction This guide is designed to help you deploy and monitor new features introduced in the IOS
More informationSwitch Configuration Example for Q-SYS Platform Hewlett-Packard HP 1910 (Gigabit only, minimum buffer size 40 kb per port)
(Gigabit only, minimum buffer size 40 kb per port) Important Note This switch configuration example is intended to serve as a network setup guideline for systems using Q-LAN audio and video streaming within
More informationManagement Software AT-S101. User s Guide. For use with the AT-GS950/8POE Gigabit Ethernet WebSmart Switch. Version Rev.
Management Software AT-S101 User s Guide For use with the AT-GS950/8POE Gigabit Ethernet WebSmart Switch Version 1.0.0 613-000985 Rev. A Copyright 2008 Allied Telesis, Inc. All rights reserved. No part
More informationHP 6125 Blade Switch Series
HP 6125 Blade Switch Series Network Management and Monitoring Configuration Guide Part number: 5998-3162 Software version: Release 2103 Document version: 6W100-20120907 Legal and notice information Copyright
More informationHP 830 Series PoE+ Unified Wired-WLAN Switch Switching Engine
HP 830 Series PoE+ Unified Wired-WLAN Switch Switching Engine Network Management and Monitoring Configuration Guide Part number: 5998-3936 Software version: 3308P26 Document version: 6W101-20130628 Legal
More informationManaging Standalone EAP
CHAPTERS 1. Manage System Logs 2. Configure Web Server 3. Configure Management Access 4. Configure Trunk (For EAP330) 5. Configure LED 6. Configure PoE (For EAP225-Wall) 7. Configure SSH 8. Configure Management
More informationH3C S9500 QoS Technology White Paper
H3C Key words: QoS, quality of service Abstract: The Ethernet technology is widely applied currently. At present, Ethernet is the leading technology in various independent local area networks (LANs), and
More informationLab - Troubleshooting Standard IPv4 ACL Configuration and Placement Topology
Lab - Troubleshooting Standard IPv4 ACL Configuration and Placement Topology 2016 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public. Page 1 of 8 Addressing Table Objectives
More informationNetwork Switch Setup for Q-SYS Platform Hewlett-Packard HP 1910 (Gigabit only)
Network Switch Setup for Q-SYS Platform This document applies to this HP switch: HP 1910 (Gigabit only) Introduction As of release 5.3.x, Q-SYS Designer software now supports AES67-standard interoperability.
More informationUsing the Web Graphical User Interface
Prerequisites for Using the Web GUI, page 1 Information About Using The Web GUI, page 2 Connecting the Console Port of the Switch, page 3 Logging On to the GUI, page 4 Enabling Web and Secure Web Modes,
More informationGSS Administration and Troubleshooting
CHAPTER 9 GSS Administration and Troubleshooting This chapter covers the procedures necessary to properly manage and maintain your GSSM and GSS devices, including login security, software upgrades, GSSM
More informationLogging in to the CLI
Contents Logging in to the CLI 1 Login methods 1 Logging in through the console port 2 Introduction 2 Configuration procedure 2 Logging in through the AUX port 5 Configuration prerequisites 5 Configuration
More informationH3C SR6600 Routers DVPN Configuration Example
H3C SR6600 Routers DVPN Configuration Example Keywords: DVPN, VPN, VAM, AAA, IPsec, GRE Abstract: This document describes the DVPN configuration example for the H3C SR6600 Routers Series. Acronyms: Acronym
More informationConfiguring ACLs. ACL overview. ACL categories. ACL numbering and naming
Contents Configuring ACLs 1 ACL overview 1 ACL categories 1 ACL numbering and naming 1 Match order 2 ACL rule numbering 3 Implementing time-based ACL rules 3 IPv4 fragments filtering with ACLs 3 Flow templates
More informationIMC Network Traffic Analyzer 7.3 (E0504) Copyright 2015, 2017 Hewlett Packard Enterprise Development LP
Network Traffic Analyzer 7.3 (E0504) Copyright 2015, 2017 Hewlett Packard Enterprise Development LP Table of Contents 1. What's New in this Release 2. Problems Fixed in this Release 3. Software Distribution
More informationH3C SecPath Series High-End Firewalls
H3C SecPath Series High-End Firewalls Attack Protection Command Reference Hangzhou H3C Technologies Co., Ltd. http://www.h3c.com Software version: SECPATHF1000SAI&F1000AEI&F1000ESI-CMW520-R3721 SECPATH5000FA-CMW520-F3210
More informationConfiguring NetFlow. About NetFlow. This chapter describes how to configure the NetFlow feature on Cisco NX-OS devices.
This chapter describes how to configure the NetFlow feature on Cisco NX-OS devices. About NetFlow, page 1 Licensing Requirements for NetFlow, page 4 Prerequisites for NetFlow, page 4 Guidelines and Limitations
More informationTable of Contents. 1 TFTP Configuration Commands 1-1 TFTP Client Configuration Commands 1-1 tftp-server acl 1-1 tftp 1-2 tftp ipv6 1-3
Table of Contents 1 TFTP Configuration Commands 1-1 TFTP Client Configuration Commands 1-1 tftp-server acl 1-1 tftp 1-2 tftp ipv6 1-3 i 1 TFTP Configuration Commands TFTP Client Configuration Commands
More informationAccess Control List Overview
Access lists filter network traffic by controlling the forwarding or blocking of packets at the interface of a device. A device examines each packet to determine whether to forward or drop that packet,
More informationTable of Contents 1 Basic Configuration Commands 1-1
Table of Contents 1 Basic Configuration Commands 1-1 Basic Configuration Commands 1-1 clock datetime 1-1 clock summer-time one-off 1-2 clock summer-time repeating 1-3 clock timezone 1-4 command-privilege
More informationCCNA Semester 2 labs. Labs for chapters 2 10
CCNA Semester 2 labs Labs for chapters 2 10 2.2.2.5 Lab - Configuring IPv4 Static and Default Routes 2.3.2.4 Lab - Troubleshooting Static Routes 3.2.1.9 Lab - Configuring Basic RIPv2 5.2.2.9 Lab - Configuring
More informationHP 5120 SI Switch Series
HP 5120 SI Switch Series Network Management and Monitoring Configuration Guide Part number: 5998-1813 Software version: Release 1505 Document version: 6W102-20121111 Legal and notice information Copyright
More informationH3C SecPath UTM Series. Configuration Examples. Hangzhou H3C Technologies Co., Ltd. Manual Version: 5W
H3C SecPath UTM Series Configuration Examples Hangzhou H3C Technologies Co., Ltd. http://www.h3c.com Manual Version: 5W101-20100520 Copyright 2009-2010, Hangzhou H3C Technologies Co., Ltd. and its licensors
More informationHP A5500 EI & A5500 SI Switch Series Network Management and Monitoring. Configuration Guide. Abstract
HP A5500 EI & A5500 SI Switch Series Network Management and Monitoring Configuration Guide Abstract This document describes the software features for the HP A Series products and guides you through the
More informationHP Load Balancing Module
HP Load Balancing Module Security Configuration Guide Part number: 5998-2686 Document version: 6PW101-20120217 Legal and notice information Copyright 2012 Hewlett-Packard Development Company, L.P. No part
More informationH3C Intelligent Management Center
H3C Intelligent Management Center TACACS+ Authentication Manager Administrator Guide New H3C Technologies Co., Ltd. http://www.h3c.com.hk Software version: IMC TAM 7.3 (E0501) Document version: 5PW105-20170515
More informationH3C S10500 IP Unnumbered Configuration Examples
H3C S10500 IP Unnumbered Configuration Examples Copyright 2015 Hangzhou H3C Technologies Co., Ltd. All rights reserved. No part of this manual may be reproduced or transmitted in any form or by any means
More informationConfiguring Web Cache Services By Using WCCP
CHAPTER 44 Configuring Web Cache Services By Using WCCP This chapter describes how to configure your Catalyst 3560 switch to redirect traffic to wide-area application engines (such as the Cisco Cache Engine
More informationPort ACLs (PACLs) Prerequisites for PACls CHAPTER
71 CHAPTER Prerequisites for PACls, page 71-1 Restrictions for PACLs, page 71-2 Information About PACLs, page 71-2 How to Configure PACLs, page 71-7 Note For complete syntax and usage information for the
More informationHP A6600 Routers Network Management and Monitoring. Command Reference. Abstract
HP A6600 Routers Network Management and Monitoring Command Reference Abstract This document describes the commands and command syntax options available for the HP A Series products. This document is intended
More informationChapter 10 - Configure ASA Basic Settings and Firewall using ASDM
Chapter 10 - Configure ASA Basic Settings and Firewall using ASDM This lab has been updated for use on NETLAB+ Topology Note: ISR G1 devices use FastEthernet interfaces instead of GigabitEthernet interfaces.
More informationHP Intelligent Management Center
HP Intelligent Management Center VAN Connection Manager Administrator Guide Abstract This guide contains comprehensive information for network administrators, engineers, and operators who manage the VCM.
More informationContents. QoS overview 1
Contents QoS overview 1 QoS service models 1 Best-effort service model 1 IntServ model 1 DiffServ model 1 QoS techniques overview 1 Deploying QoS in a network 2 QoS processing flow in a device 2 Configuring
More informationThis chapter describes how to configure the NetFlow feature on Cisco NX-OS devices.
This chapter describes how to configure the NetFlow feature on Cisco NX-OS devices. Finding Feature Information, page 1 NetFlow, page 2 Licensing Requirements for NetFlow, page 6 Prerequisites for NetFlow,
More informationTable of Contents. 2 MIB Style Configuration 2-1 Setting the MIB Style 2-1 Displaying and Maintaining MIB 2-1
Table of Contents 1 SNMP Configuration 1-1 SNMP Overview 1-1 SNMP Mechanism 1-1 SNMP Protocol Version 1-2 MIB Overview 1-2 SNMP Configuration 1-3 Configuring SNMP Logging 1-5 Introduction to SNMP Logging
More informationImplementing Access Lists and Prefix Lists
An access control list (ACL) consists of one or more access control entries (ACE) that collectively define the network traffic profile. This profile can then be referenced by Cisco IOS XR softwarefeatures
More informationTable of Contents. 2 MIB Style Configuration 2-1 Overview 2-1 Setting the MIB Style 2-1 Displaying and Maintaining MIB 2-1
Table of Contents 1 SNMP Configuration 1-1 SNMP Overview 1-1 SNMP Mechanism 1-1 SNMP Protocol Versions 1-2 MIB Overview 1-2 Configuring SNMP 1-3 Configuring SNMPv3 1-3 Configuring SNMPv1 and SNMPv2c 1-4
More informationHP 5920 & 5900 Switch Series
HP 5920 & 5900 Switch Series OpenFlow Command Reference Part number: 5998-4679a Software version: Release 23xx Document version: 6W101-20150320 Legal and notice information Copyright 2015 Hewlett-Packard
More informationDPX8000 Series Deep Service Switching Gateway User Configuration Guide Firewall Service Board Module v1.0
DPX8000 Series Deep Service Switching Gateway User Configuration Guide Firewall Service Board Module v1.0 i Hangzhou DPtech Technologies Co., Ltd. provides full- range technical support. If you need any
More informationConfiguring OpenFlow 1
Contents Configuring OpenFlow 1 Overview 1 OpenFlow switch 1 OpenFlow port 1 OpenFlow instance 2 OpenFlow flow table 3 Group table 5 Meter table 5 OpenFlow channel 6 Protocols and standards 7 Configuration
More informationTable of Contents. 2 Static Route Configuration Commands 2-1 Static Route Configuration Commands 2-1 delete static-routes all 2-1 ip route-static 2-1
Table of Contents 1 IP Routing Table Commands 1-1 IP Routing Table Commands 1-1 display ip routing-table 1-1 display ip routing-table acl 1-3 display ip routing-table ip-address 1-5 display ip routing-table
More informationOperation Manual SNMP. Table of Contents
Table of Contents Table of Contents... 1-1 1.1 SNMP Overview... 1-1 1.1.1 Introduction to SNMP... 1-1 1.1.2 SNMP Versions and Supported MIB... 1-1 1.2 Configuring SNMP... 1-3 1.2.1 Setting Community Names...
More informationHP MSR Router Series. Network Management and Monitoring Configuration Guide(V7)
HP MSR Router Series Network Management and Monitoring Configuration Guide(V7) Part number: 5998-7724b Software version: CMW710-R0304 Document version: 6PW104-20150914 Legal and notice information Copyright
More informationOperation Manual ARP H3C S5500-SI Series Ethernet Switches. Table of Contents
Table of Contents Table of Contents... 1-1 1.1 ARP Overview... 1-1 1.1.1 ARP Function... 1-1 1.1.2 ARP Message Format... 1-1 1.1.3 ARP Address Resolution Process... 1-2 1.1.4 ARP Mapping Table... 1-3 1.2
More informationConfiguring Cache Services Using the Web Cache Communication Protocol
Configuring Cache Services Using the Web Cache Communication Protocol Finding Feature Information, page 1 Prerequisites for WCCP, page 1 Restrictions for WCCP, page 2 Information About WCCP, page 3 How
More informationTable of Contents. 2 MIB Configuration Commands 2-1 MIB Configuration Commands 2-1 display mib-style 2-1 mib-style 2-1
Table of Contents 1 SNMP Configuration Commands 1-1 SNMP Configuration Commands 1-1 display snmp-agent community 1-1 display snmp-agent group 1-2 display snmp-agent local-engineid 1-3 display snmp-agent
More information