H3C Switch Operation Manuals


08-h3cs3600-hi Series Ethernet Switches Operation Manual, Security Op


Contents

Chapter 1 802.1x Configuration
1.1 Introduction to 802.1x
1.1.1 Introduction to the 802.1x standard
1.1.2 802.1x architecture
1.1.3 802.1x authentication process
1.1.4 802.1x implementation on Ethernet switches
1.2 802.1x configuration
1.2.1 Enabling/disabling the 802.1x feature
1.2.2 Setting the port access control mode
1.2.3 Setting the port access control method
1.2.4 Detecting users who log in to the switch through a proxy
1.2.5 Setting the maximum number of access users on a port
1.2.6 Allowing DHCP to trigger authentication
1.2.7 Setting the authentication method for 802.1x users
1.2.8 Enabling/disabling the Guest VLAN function
1.2.9 Setting the 802.1x re-authentication function
1.2.10 Setting version verification for 802.1x clients
1.2.11 Setting the maximum number of retransmissions of authentication request frames
1.2.12 Configuring timer parameters
1.2.13 Enabling/disabling the quiet-period timer
1.3 Displaying and debugging 802.1x
1.4 Typical 802.1x configuration example

Chapter 2 Portal Configuration
2.1 Introduction to Portal
2.1.1 Portal overview
2.1.2 Portal system components
2.1.3 Portal authentication process
2.1.4 Portal operating modes
2.1.5 Portal authentication-free users and free IP addresses
2.1.6 ARP packet handshake between the switch and user PCs
2.1.7 Portal rate limiting
2.2 Basic Portal configuration
2.2.1 Configuration prerequisites
2.2.2 Basic Portal configuration procedure
2.2.3 Portal direct authentication configuration example
2.2.4 Portal secondary address assignment configuration example
2.2.5 Layer 3 Portal authentication configuration example
2.3 Configuring Portal authentication-free users and free IP addresses
2.3.1 Configuration prerequisites
2.3.2 Configuration procedure for Portal authentication-free users and free IP addresses
2.3.3 Configuration example for authentication-free users and free IP addresses
2.4 Configuring Portal rate limiting
2.4.1 Portal rate limiting configuration procedure
2.4.2 Portal rate limiting configuration example
2.5 Deleting Portal users
2.5.1 Configuration procedure for deleting Portal users
2.5.2 Configuration example for deleting Portal users

Chapter 3 AAA and RADIUS Protocol Configuration
3.1 Introduction to AAA and the RADIUS protocol
3.1.1 AAA overview
3.1.2 RADIUS protocol overview
3.1.3 AAA/RADIUS implementation on the switch
3.2 AAA configuration
3.2.1 Creating/deleting an ISP domain
3.2.2 Configuring ISP domain attributes
3.2.3 Enabling/disabling the messenger alert function
3.2.4 Enabling/disabling the self-service server location function
3.2.5 Creating a local user
3.2.6 Setting local user attributes
3.2.7 Forcibly disconnecting a user
3.2.8 Configuring dynamic VLAN assignment
3.3 RADIUS protocol configuration
3.3.1 Creating/deleting a RADIUS scheme
3.3.2 Setting the IP address and port number of the RADIUS server
3.3.3 Setting the encryption key for RADIUS packets
3.3.4 Setting the RADIUS server response timeout timer
3.3.5 Setting the maximum number of transmissions of RADIUS request packets
3.3.6 Turning on the RADIUS accounting-optional switch
3.3.7 Setting the real-time accounting interval
3.3.8 Setting the maximum number of unanswered real-time accounting requests allowed
3.3.9 Enabling buffering of stop-accounting packets
3.3.10 Setting the maximum number of transmissions of stop-accounting request packets
3.3.11 Configuring user re-authentication at device restart
3.3.12 Setting the type of RADIUS server supported
3.3.13 Setting the state of the RADIUS server
3.3.14 Setting the switchover interval between the primary and backup RADIUS servers
3.3.15 Setting the format of usernames sent to the RADIUS server
3.3.16 Setting the unit of data flows sent to the RADIUS server
3.3.17 Configuring the local RADIUS authentication server
3.4 Displaying and debugging AAA and the RADIUS protocol
3.5 Typical AAA and RADIUS protocol configuration examples
3.5.1 Remote RADIUS server authentication for FTP/Telnet users
3.5.2 Local RADIUS server authentication for FTP/Telnet users
3.5.3 Dynamic VLAN assignment configuration
3.6 Diagnosing and troubleshooting AAA and RADIUS protocol faults

Chapter 4 EAD Configuration
4.1 Introduction to EAD
4.2 Typical networking application of EAD configuration
4.3 EAD configuration
4.4 Typical EAD configuration example

Chapter 5 HABP Feature Configuration
5.1 Introduction to the HABP feature
5.2 HABP feature configuration
5.2.1 Configuring the HABP Server
5.2.2 Configuring the HABP Client
5.3 Displaying and debugging HABP

Chapter 1 802.1x Configuration
1.1 Introduction to 802.1x
1.1.1 Introduction to the 802.1x standard
The main content of the IEEE 802.1x standard (hereinafter 802.1x) is a port-based network access control (Port Based Network Access Control) protocol.

H3C S6850 Series Data Center Switches User Manual


H3C S6850 Series Data Center Switches
Release Date: Nov, 2022
New H3C Technologies Co., Limited

Product overview

The H3C S6850 high-density intelligent switch series is developed for data centers and cloud computing networks. It provides powerful hardware forwarding capacity and abundant data center features. It provides up to 48*25G ports and 8*100G ports. The switch supports modular power modules and fan trays. By using different fan trays, the switch can provide field-changeable airflows.

The switch is an ideal product for high-density 25GE switching and aggregation at data centers and cloud computing networks. It can also operate as a TOR access switch on an overlay or integrated network.

Product Appearance

The S6850 series comes in the following models.
∙ S6850-56HF: The switch provides 48 × 25G SFP28 ports, 8 × 100G QSFP28 ports, and 2 × 1G SFP ports.
[Figures: S6850-56HF front panel; S6850-56HF rear panel]
∙ S6850-2C: The switch provides 2 service slots and 2 × 100G QSFP28 ports.
[Figures: S6850-2C front panel; S6850-2C rear panel]

Features and Benefits

High-Density 25GE Access
∙ The switch offers high-density 100G/40G/25G/10G ports and a wire-speed forwarding capacity as high as 4 Tbps. With standard 25G ports, it can provide high-density server access in high-end data centers.

IRF2 (Second Generation Intelligent Resilience Architecture)
∙ To meet the application requirements of the unified switching architecture of the data center, the series switches support the IRF2 technology, which virtualizes multiple devices into one logical device.
∙ The equipment has strong advantages in scalability, reliability, distribution, and availability.
∙ IRF2 can achieve a long-distance intelligent elastic architecture within a rack, across racks, and even across regions.

Abundant Data Center Features
The switch supports abundant data center features, including:
∙ The H3C S6850 switch series supports VXLAN (Virtual Extensible LAN), which provides two major benefits: higher scalability of Layer 2 segmentation and better utilization of available network paths.
∙ The H3C S6850 switch series supports MP-BGP EVPN (Multiprotocol Border Gateway Protocol Ethernet Virtual Private Network), which can run as the VXLAN control plane to simplify VXLAN configuration, eliminate traffic flooding, and reduce full mesh requirements between VTEPs via the introduction of BGP RR.
∙ The H3C S6850 switch series supports Fiber Channel over Ethernet (FCoE), which permits storage, data, and computing services to be transmitted on one network, reducing the costs of network construction and maintenance.
∙ The H3C S6850 switch series supports Priority-based Flow Control (PFC), Enhanced Transmission Selection (ETS), and Data Center Bridging eXchange (DCBX). These features ensure low latency and zero packet loss for FC storage, RDMA applications, and high-speed computing services.

H3C Distributed Resilient Network Interconnection (DRNI)
∙ The H3C S6850 switch series supports DRNI (M-LAG), which enables links of multiple switches to aggregate into one to implement device-level link backup. DRNI is applicable to servers dual-homed to a pair of access devices for node redundancy.
∙ Streamlined topology: DRNI simplifies the network topology and spanning tree configuration by virtualizing two physical devices into one logical device.
∙ Independent upgrading: The DR member devices can be upgraded independently one by one to minimize the impact on traffic forwarding.
∙ High availability: The DR system uses a keepalive link to detect multi-active collision to ensure that only one member device forwards traffic after a DR system splits.

Powerful Visibility
As data centers develop and expand rapidly, reliability, operation, and maintenance become the bottleneck for further expansion. The H3C S6850 switch series conforms to the trend of automated data operation and maintenance and supports visualization of the data center.
∙ INT (Inband-Telemetry) is a network monitoring technology used to collect data from the device. Compared with the traditional network monitoring technology featuring one query, one reporting, INT requires only one-time configuration for continuous data reporting, thereby reducing the request processing load of the device. INT can collect timestamp information, device ID, port information, and buffer information in real time. INT can be implemented in IP, EVPN, and VXLAN networks.
∙ Provides a variety of traffic monitoring and analytic tools, including sFlow, NetStream, SPAN/RSPAN/ERSPAN mirroring, and port mirroring, to help customers perform precise traffic analysis and gain visibility into network application traffic. With these tools, customers can collect network traffic data to evaluate network health status, create traffic analysis reports, perform traffic engineering, and optimize resource allocation.
∙ Supports realtime monitoring of buffer and port queues, allowing for visible and dynamic network optimization.
∙ Supports PTP (Precision Time Protocol) to achieve highly precise clock synchronization.

RoCE (RDMA over Converged Ethernet)
∙ Remote Direct Memory Access (RDMA) directly transmits the user application data to the storage space of the servers, and uses the network to quickly transmit the data from the local system to the storage of the remote system. RDMA eliminates multiple data copying and context switching operations during the transmission process, and reduces the CPU load.
∙ RoCE supports RDMA on standard Ethernet infrastructures. The H3C S6850 switch supports RoCE and can be used to build a lossless Ethernet network to ensure zero packet loss.
∙ RoCE includes the following key features: PFC (Priority based Flow Control), ECN (Explicit Congestion Notification), DCBX (Data Center Bridging Capability Exchange Protocol), and ETS (Enhanced Transmission Selection).

Flexible programmability
∙ The switch uses industry-leading programmable switching chips that allow users to define the forwarding logic as needed.
∙ Users can develop new features that meet the evolving trend of their networks through simple software updates.

Powerful SDN capacity
∙ The H3C S6850 switch series adopts the next-generation chip with a more flexible Openflow FlowTable, more resources, and accurate ACL matching, which greatly improves the software-defined network (SDN) capabilities and meets the demand of data center SDN networks.
∙ The H3C S6850 switch series can interconnect with the H3C SeerEngine-DC Controller through standard protocols such as OVSDB, Netconf, and SNMP to implement automatic network deployment and configuration.

Comprehensive security control policies
∙ The H3C S6850 series switch supports AAA, RADIUS, and user account based authentication; IP, MAC, VLAN, and port-based user identification; and dynamic and static binding. When working with the H3C iMC platform, it can conduct real time management, instant diagnosis, and crackdown on illicit network behavior.
∙ The H3C S6850 series switch supports enhanced ACL control logic, which enables an enormous number of in-port and out-port ACLs and delegates VLAN-based ACLs. This simplifies the user deployment process and avoids ACL resource wastage. The S6850 series switch can also take advantage of Unicast Reverse Path Forwarding (Unicast RPF). When the device receives a packet, it performs the reverse check to verify the source address from which the packet supposedly originated, and drops the packet if such a path doesn't exist. This can effectively prevent source address spoofing in the network.

Multiple reliability protection
∙ The S6850 series switch provides multiple reliability protection at both switch and link levels. With over current, overvoltage, and overheat protection, all models have a redundant pluggable power module, which enables flexible configuration of AC or DC power modules based on actual needs. The entire switch supports fault detection and alarm for power supply and fan, allowing fan speed to change to suit different ambient temperatures.
∙ The switch supports diverse link redundancy technologies such as H3C proprietary RRPP, VRRPE, and Smart Link. These technologies ensure quick network convergence even when a large amount of traffic of multiple services runs on the network.

Flexible choice of airflow
∙ To cope with data center cooling aisle design, the H3C S6850 series switch comes with flexible airflow design, which features bi-cooling aisles in the front and back. Users may also choose the direction of airflow (from front to back or vice versa) by selecting a different fan tray.

Excellent manageability
The switch improves system management through the following ways:
∙ Provides multiple management interfaces, including the serial console port, mini USB console port, USB port, two out-of-band management ports, and two SFP ports. The SFP ports can be used as in-band management ports through which encapsulated sampling packets are sent to the controller or other management devices for deep analysis.
∙ Supports multiple access methods, including SNMPv1/v2c/v3, Telnet, SSH 2.0, SSL, and FTP.
∙ Supports standard NETCONF APIs that allow users to configure and manage the switch, enhancing the compatibility with third-party applications.

Hardware Specification

| Item | S6850-56HF | S6850-2C |
| Dimensions (H × W × D) | 43.6 × 440 × 460 mm (1.72 × 17.32 × 18.11 in) | 44.2 × 440 × 660 mm (1.74 × 17.32 × 18.11 in) |
| Weight | ≤ 15 kg (33.07 lb) | ≤ 16 kg (35.27 lb) |
| Serial console port | 1 | 1 |
| Out-of-band management port | One GE copper port and one GE fiber port | One GE copper port and one GE fiber port |
| Mini USB console port | 1 | 1 |
| USB port | 1 | 1 |
| QSFP28 port | 8 | 2 |
| SFP28 port | 48 | - |
| SFP port | 2 | - |
| Expansion slot | - | 2 |
| CPU | 2.2GHz@4Core | 2.2GHz@4Core |
| Flash/SDRAM | 4GB/8GB | 4GB/8GB |
| Latency | <1μs | <1μs |
| Switching capacity | 4 Tbps | 3.6 Tbps |
| Forwarding capacity | 2024 Mpps | 2024 Mpps |
| Buffer (byte) | 32M | 32M |
| AC-input voltage | 90v AC to 264v AC | 90v AC to 264v AC |
| DC-input voltage | –40v DC to –72v DC | –40v DC to –72v DC |
| Power module slot | 2 | 2 |
| Fan tray slot | 5 | Hot-swappable fan, fan speed adjustable and wind invertible |
| Air flow direction | From front to rear or from rear to front | From front to rear or from rear to front |
| Static power consumption | Single AC: 167 W; Dual AC: 179 W; Single DC: 154 W; Dual DC: 174 W | Single AC: 136 W; Dual AC: 148 W; Single DC: 132 W; Dual DC: 146 W |
| Typical power consumption | Single AC: 201 W; Dual AC: 224 W; Single DC: 198 W; Dual DC: 210 W | Single AC: 273 W (with LSWM18CQ); Dual AC: 282 W (with LSWM18CQ); Single DC: 268 W (with LSWM18CQ); Dual DC: 275 W (with LSWM18CQ) |
| Maximum heat consumption (BTU/hour) | Single AC: 686; Dual AC: 765; Single DC: 676; Dual DC: 717 | Single AC: 932 (with LSWM18CQ); Dual AC: 963 (with LSWM18CQ); Single DC: 915 (with LSWM18CQ); Dual DC: 939 (with LSWM18CQ) |

Operating temperature: 0°C to 45°C (32°F to 113°F)
Operating humidity: 5% to 95%, noncondensing

Software Specification

Item: Feature description
Device Virtualization: IRF2.0; M-LAG (DRNI); S-MLAG
Network Virtualization: BGP-EVPN VxLAN; EVPN ES; VxLAN; L2 VxLAN gateway; L3 VxLAN gateway; Distributed VxLAN gateway; Centralized VxLAN gateway; EVPN VxLAN; manual configured VxLAN; IPv4 VxLAN tunnel; IPv6 VxLAN tunnel; QinQ VxLAN access
SDN: H3C SeerEngine-DC
Lossless network: PFC and ECN; DCBX; RDMA and ROCE; PFC deadlock watchdog; ECN overlay; ROCE stream analysis
Programmability: Openflow1.3; Netconf; Ansible; Python/TCL/Restful API to realize DevOps automated operation and maintenance
Traffic analysis: Sflow; Netstream, only S6850-2C
VLAN: Port-based VLANs; Mac-based VLAN, Subnet-based VLAN and Protocol VLAN; VLAN mapping; QinQ; MVRP (Multiple VLAN Registration Protocol); Super VLAN; PVLAN
MAC address: Dynamic learning and aging of mac address entries; Dynamic, static and blackhole entries; Mac address limiting on ports
IPv4 routing: RIP (Routing Information Protocol) v1/2; OSPF (Open Shortest Path First) v1/v2; ISIS (Intermediate System to Intermediate System); BGP (Border Gateway Protocol); Routing policy; VRRP; PBR
IPv6 routing: RIPng; OSPFv3; IPv6 ISIS; BGP4+; Routing policy; VRRP; PBR
MPLS/VPLS: Support L3 MPLS VPN; Support L2 VPN: VLL (Martini, Kompella); Support VPLS, VLL; Support hierarchical VPLS and QinQ+VPLS access; Support P/PE function; Support LDP protocol; Support MCE; Support MPLS OAM
Multicast: IGMP snooping; MLD snooping; IPv4 and IPv6 multicast VLAN; IPv4 and IPv6 PIM snooping; IGMP and MLD; PIM and IPv6 PIM; MSDP; Multicast VPN
Reliability: LACP; STP/RSTP/MSTP protocol, PVST compatible; STP Root Guard and BPDU Guard; RRPP and ERPS; Ethernet OAM; Smartlink; DLDP; BFD for OSPF/OSPFv3, BGP/BGP4, IS-IS/IS-ISv6, PIM/IPM for IPv6 and Static route; VRRP and VRRPE
QOS: Weighted Random Early Detection (WRED) and tail drop; Flexible queue scheduling algorithms based on port and queue, including strict priority (SP), Weighted Deficit Round Robin (WDRR), Weighted Fair Queuing (WFQ), SP + WDRR, and SP + WFQ; Traffic shaping; Packet filtering at L2 (Layer 2) through L4 (Layer 4); flow classification based on source MAC address, destination MAC address, source IP (IPv4/IPv6) address, destination IP (IPv4/IPv6) address, port, protocol, and VLAN to apply qos policy, including mirroring, redirection, priority remark etc.; Committed access rate (CAR); Account by packet and byte; COPP
FC/FOCE: FC, FC subcard is supported on S6850-2C; FCOE
Telemetry: gRPC; ERSPAN; Mirror on drop; Telemetry Stream; INT; iNQA; Packet trace, Packet capture
Configuration and maintenance: Console telnet and SSH terminals; SNMPv1/v2/v3; ZTP; System log; File upload and download via FTP/TFTP, BootRom update and remote update; NQA; ping, tracert; VxLAN ping and VxLAN tracert; NTP; PTP (1588v2); GIR Graceful Insertion and Removal
Security and management: Macsec, Macsec subcard is supported on S6850-2C and only 100G macsec subcard can support 256-bit AES encryption; Micro-Segmentation; Hierarchical management and password protection of users; Authentication methods, including AAA, RADIUS and HWTACACS; Support DDos, ARP attack and ICMP attack function; IP-MAC-port binding and IP Source Guard; SSH 2.0; HTTPS; SSL; PKI; Boot ROM access control (password recovery); RMON
EMC: FCC Part 15 Subpart B CLASS A; ICES-003 CLASS A; VCCI CLASS A; CISPR 32 CLASS A; EN 55032 CLASS A; AS/NZS CISPR32 CLASS A; CISPR 24; EN 55024; EN 61000-3-2; EN 61000-3-3; ETSI EN 300 386; GB/T 9254; YD/T 993
IEEE Standard: 802.3x/802.3ad/802.3AH/802.1P/802.1Q/802.1X/802.1D/802.1w/802.1s/802.1AG 802.1x/802.1Qbb/802.1az/802.1Qaz
Safety: UL 60950-1; CAN/CSA C22.2 No 60950-1; IEC 60950-1; EN 60950-1; AS/NZS 60950-1; FDA 21 CFR Subchapter J

Performance and scalability

Performance: RIB 1M; MSTP instance 64; PVST instance 510; PVST logical port number 2000; VRRP VRID 255; VRRP group 256; NQA group 32
Static table: static mac-address 4000; static multicast mac-address 1K; static ARP 1K; static ND 4K; static IPv4 routing table 2K; static IPv6 routing table 4000

Data Center Application

The typical data center application is an EVPN-VxLAN design: S12500G-AF or S12500X-AF switches work as spine or spine/border, and S68XX series switches work as leaf and border or ED. With this design, users get a non-blocking large L2 system.

Order information

New H3C Technologies Co., Limited
Beijing Headquarters: Tower 1, LSH Center, 8 Guangshun South Street, Chaoyang District, Beijing, China. Zip: 100102
Hangzhou Headquarters: No.466 Changhe Road, Binjiang District, Hangzhou, Zhejiang, China. Zip: 310052
Tel: +86-571-86760000
Copyright ©2022 New H3C Technologies Co., Limited Reserves all rights
Disclaimer: Though H3C strives to provide accurate information in this document, we cannot guarantee that details do not contain any technical error or printing error. Therefore, H3C cannot accept responsibility for any inaccuracy in this document. H3C reserves the right for the modification of the contents herein without prior notification.

H3C Switch Port Security Operation

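3. Trap feature
With the Trap feature, when specific packets (caused by illegal intrusion, users going online or offline, and similar events) are transmitted on a port, the device sends Trap messages so that network administrators can monitor these special behaviors.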
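H3C S5500-EI Series Ethernet Switches Operation Manual: Port Security
Chapter 1 Port Security Configuration
1.1.3 Port security modes
For a detailed description of the port security modes, see Table 1-1.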
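Chapter 1 Port Security Configuration
1.1 Introduction to port security
1.1.1 Overview
Port security is a security mechanism that controls network access based on MAC addresses. It extends the existing 802.1x authentication and MAC address authentication. The mechanism checks the source MAC address in data frames to control access to the network by unauthorized devices, and checks the destination MAC address in data frames to control access to unauthorized devices.
The main function of port security is to define various port security modes so that the device learns legitimate source MAC addresses and the corresponding network management effect is achieved. Once port security is enabled, when an illegal packet is detected, the system triggers the corresponding feature and handles the packet in the pre-specified way, which both makes management easier for users and improves the security of the system.
Illegal packets include:
● Packets whose source MAC address is an unknown MAC address, received while MAC address learning is disabled;
● After the number of MAC addresses learned on the port reaches the maximum number of MAC addresses the port allows, received source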
Contents

Chapter 1 Port Security Configuration
1.1 Introduction to port security
1.1.1 Overview
1.1.2 Port security features
1.1.3 Port security modes
1.2 Port security configuration task overview
1.3 Enabling port security
1.3.1 Configuration prerequisites
1.3.2 Enabling port security
1.4 Setting the maximum number of secure MAC addresses allowed on a port
1.5 Configuring the port security mode
1.5.1 Configuring the autoLearn mode
1.5.2 Configuring the userLoginWithOUI mode
1.5.3 Configuring other modes
1.6 Configuring port security features
1.6.1 Configuring the NeedToKnow feature
1.6.2 Configuring the intrusion detection feature
1.6.3 Configuring the Trap feature
1.7 Configuring secure MAC addresses
1.7.1 Configuration prerequisites
1.7.2 Configuring secure MAC addresses
1.8 Configuring the current port not to apply authorization information issued by the server
1.9 Displaying and maintaining port security
1.10 Typical port security configuration examples
1.10.1 Port security autoLearn mode configuration example
1.10.2 Port security userLoginWithOUI mode configuration example
1.10.3 Port security macAddressElseUserLoginSecure mode configuration example
1.11 Common configuration error examples
1.11.1 The port security mode cannot be set
1.11.2 Port security MAC addresses cannot be configured
1.11.3 The port security mode cannot be changed while users are online

H3C S3100-52P Ethernet Switch Operation Manual - Release 1702-6W100


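H3C S3100-52P Ethernet Switch Operation Manual - Release 1702-6W100
01-CLI Operation

Contents
1 CLI (command line interface)
1.1 Getting to know the command line interface
1.2 Entering the command line interface
1.2.1 Entering the command line interface through the Console port
1.2.2 Entering the command line interface through Telnet
1.3 About the command line interface of H3C products
1.3.1 Command line format conventions in this manual
1.3.2 Command line views
1.4 Command line interface usage tips
1.4.1 Using command line online help
1.4.2 Interpreting input error messages
1.4.3 Entering command lines quickly
1.4.4 Viewing and re-executing history commands
1.4.5 The undo form of commands
1.4.6 Controlling command line display output
1.5 Command line related configuration
1.5.1 Configuring command line aliases
1.5.2 Configuring the command line input anti-interruption function
1.5.3 Configuring command line levels
1.5.4 Saving the configuration

1 CLI (command line interface)
1.1 Getting to know the command line interface
The command line interface is a text-based command interaction interface between the user and the device. The user types text commands and presses Enter to submit them to the device for execution.

Through the command line interface, users can enter commands to configure the device and can confirm the result of the configuration by viewing the output, which makes it convenient to configure and manage the device.

The command line interface of H3C series switches is shown in Figure 1-1:
Figure 1-1 Command line interface diagram

1.2 Entering the command line interface
The H3C S3100-52P Ethernet switch supports several ways of entering the command line interface:
● Entering the command line interface through the Console port. For details, see 1.2.1 Entering the command line interface through the Console port.

● Entering the command line interface through Telnet. For details, see 1.2.2 Entering the command line interface through Telnet.

● Entering the command line interface through SSH, in encrypted form. For details, see the "SSH" chapter.

1.2.1 Entering the command line interface through the Console port
When the command line interface of an H3C series switch is used for the first time, the only way to log in and enter the command line interface is through the Console port.

Proceed as follows:
(1) Use the configuration cable shipped with the product to connect the PC to the switch.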

Huawei H3C S1024R User Manual

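Connector type: RJ-45
Complies with the IEEE 802.3 and IEEE 802.3u standards
Supports 10/100 Mbit/s transmission rates
Supports half-duplex, full-duplex and auto-negotiation working modes
Supports MDI/MDI-X auto-sensing
10Base-T: Category 3/4/5 twisted pair, maximum transmission distance 100 m
100Base-TX: Category 5 twisted pair, maximum transmission distance 100 m
1.2 Product features
Table 1-1 Product features of the S1016R/1024R Ethernet switches
Item: Description
Dimensions (L × W × H): 440 mm × 230 mm × 44 mm
Weight: 2.5 kg
Fixed ports: S1016R: 16 auto-sensing 10/100Base-TX Ethernet ports; S1024R: 24 auto-sensing 10/100Base-TX Ethernet ports
Fixed port attributes
Cable type
Input voltage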
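● Do not place the switch near water or in a damp location, and keep water and moisture out of the switch chassis.
● Keep the operating environment of the switch clean. Excessive dust causes electrostatic adsorption, which not only shortens the life of the device but also easily causes communication failures.
● The S1016R/1024R Ethernet switches generate very little heat and are cooled naturally. Keep the ventilation holes of the switch unobstructed and do not stack switches.
● The switch works properly only at the correct voltage. Make sure that the operating voltage matches the voltage marked on the switch.
1. Front panel
The front panels of the S1016R/1024R Ethernet switches are shown in Figure 1-1 and Figure 1-2. From left to right are the power LED, the port LEDs, and the 16/24 (S1016R/S1024R) fixed 10/100Base-TX Ethernet ports.
Figure 1-1 Front panel of the S1016R Ethernet switch
Off: the Ethernet link is not established
Blinking green: the port is sending or receiving data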

H3C S5500-EI Series Ethernet Switch Operation Manual

Chapter 2 Local login through the Console port
2.1 Overview of local login through the Console port
2.2 Logging in to the switch through the Console port
2.3 Configuring the attributes of Console port login
2.3.1 Configuring the common attributes of Console port login
2.3.2 Console port login attributes under the different authentication modes
2.4 Configuring Console port login with authentication mode None
2.4.1 Configuration procedure
2.4.2 Configuration example
2.5 Configuring Console port login with authentication mode Password
2.5.1 Configuration procedure
2.5.2 Configuration example
2.6 Configuring Console port login with authentication mode Scheme
2.6.1 Configuration procedure
2.6.2 Configuration example

H3C S5500 Operation Manual

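广州锦兴 IT Department, 谭智, 2008-12-18
H3C S5500-EI Ethernet Switch Electronic Manual
Chapter 1 Logging in to the Ethernet switch
1.1 Overview of login methods
You can log in to an S5500-EI series Ethernet switch in the following ways:
Local login through the Console port
Local or remote login through an Ethernet port using Telnet
Remote login through the Console port using modem dial-up
Login through the Web network management interface
Login through an NMS (Network Management Station)
1.2 Introduction to user interfaces
1.2.1 User interfaces supported by the switch
The S5500-EI series Ethernet switches support two types of user interface: the AUX user interface and the VTY user interface.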
Copyright (c) 2004-2007 Hangzhou H3C Tech. Co., Ltd.
Creation date : Dec 3 2007, 16:21:08
CPU Clock Speed : 533MHz
BUS Clock Speed : 133MHz
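After logging in to the switch, the user can configure the Console port.
2.2 Logging in to the switch through the Console port
Step 1: As shown in Figure 2-1, set up the local configuration environment by connecting the serial port of the PC (or terminal) to the Console port of the Ethernet switch with the configuration cable.
Step 2: Run a terminal emulation program on the PC (such as Terminal in Windows 3.X or HyperTerminal in Windows 9X/Windows 2000/Windows XP; the following configuration uses Windows XP as the example), select the serial port connected to the switch, and set the terminal communication parameters to a baud rate of 9600 bit/s, 8 data bits, 1 stop bit, no parity and no flow control, as shown in Figure 2-2 to Figure 2-4.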

(Full version) H3C5120 Complete Configuration Manual


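02-Switch Login Configuration
Contents
1 Logging in to the Ethernet switch
1.1 Overview of login methods
1.2 Introduction to user interfaces
1.2.1 User interfaces supported by the switch
1.2.2 Relationship between users and user interfaces
1.2.3 User interface numbering
1.2.4 Common user interface configuration
2 Local login through the Console port
2.1 Overview of local login through the Console port
2.2 Setting up the configuration environment for Console port login
2.3 Configuring the common attributes of Console port login
2.4 Console port login configuration task overview
2.5 Configuring Console port login with authentication mode None
2.5.1 Configuration procedure
2.5.2 Configuration example
2.6 Configuring Console port login with authentication mode Password
2.6.1 Configuration procedure
2.6.2 Configuration example
2.7 Configuring Console port login with authentication mode Scheme
2.7.1 Configuration procedure
2.7.2 Configuration example
3 Remote login through Telnet/SSH
3.1 Remote login through Telnet
3.1.1 Overview of Telnet login
3.1.2 Setting up the Telnet configuration environment
3.1.3 Configuring the common attributes of Telnet login
3.1.4 Telnet login configuration task overview
3.1.5 Configuring Telnet login with authentication mode None
3.1.6 Configuring Telnet login with authentication mode Password
3.1.7 Configuring Telnet login with authentication mode Scheme
3.2 Login through SSH
3.2.1 Overview of SSH login
3.2.2 Configuring SSH login
4 Login through the Web network management interface
4.1 Overview of Web network management login
4.2 Configuring Web network management login
4.3 Displaying Web users
4.4 Web network management login example
5 Login through an NMS
5.1 Overview of NMS login
5.2 Network structure for NMS login
6 Specifying the source IP of Telnet service packets
6.1 Overview of specifying the source IP of Telnet service packets
6.2 Configuring the source IP of Telnet service packets
6.3 Displaying the source IP configuration of Telnet service packets
7 Controlling login users
7.1 Overview of controlling login users
7.2 Configuring control of Telnet
7.2.1 Configuration prerequisites
7.2.2 Controlling Telnet by source IP
7.2.3 Controlling Telnet by source IP and destination IP
7.2.4 Controlling Telnet by source MAC address
7.2.5 Configuration example
7.3 Controlling network management users by source IP
7.3.1 Configuration prerequisites
7.3.2 Controlling network management users by source IP
7.3.3 Configuration example
7.4 Controlling Web users by source IP
7.4.1 Configuration prerequisites
7.4.2 Controlling Web users by source IP
7.4.3 Forcing online Web users offline
7.4.4 Configuration example
1 Logging in to the Ethernet switch
1.1 Overview of login methods
You can log in to the Ethernet switch in the following ways:
● Local login through the Console port
● Remote login through Telnet or SSH
● Login through the Web network management interface
● Login through an NMS
1.2 Introduction to user interfaces
1.2.1 User interfaces supported by the switch
On S5120-SI series Ethernet switches, the AUX port (Auxiliary port) and the Console port are the same port, referred to below as the Console port. The only user interface type that corresponds to it is the AUX user interface.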


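Contents
Lab 1 Basic operation of H3C Ethernet switches
1.1 Background knowledge
1.2 Objective
1.3 Network topology
1.4 Configuration steps
1.4.1 Serial port configuration
1.4.2 Viewing the configuration and logs
1.4.3 Setting passwords
1.5 Verification
Lab 2 VLAN configuration on H3C Ethernet switches
2.1 Background knowledge
2.2 Objective
2.3 Content
2.4 Equipment
2.5 Topology
2.6 Configuration steps
Lab 3 Link aggregation configuration on H3C Ethernet switches
3.1 Background knowledge
3.2 Objective
3.3 Content
3.4 Equipment
3.5 Network topology
3.6 Configuration steps
3.7 Verification
Lab 4 STP configuration on H3C Ethernet switches
4.1 Background knowledge
4.2 Objective
4.3 Content
4.4 Equipment
4.5 Network topology
4.6 Configuration steps
4.7 Verification
Lab 5 VRRP configuration on H3C Ethernet switches
5.2 Objective
5.3 Content
5.4 Equipment
5.5 Network topology
5.6 Configuration steps
5.7 Verification
Lab 6 Mirroring configuration on H3C Ethernet switches
6.1 Background knowledge
6.2 Objective
6.3 Content
6.4 Equipment
6.5 Network topology
6.6 Configuration steps
6.7 Verification
Lab 7 Routing configuration on H3C Ethernet switches
7.1 Background knowledge
7.2 Objective
7.4 Equipment
7.5 Network topology
7.6 Configuration steps
7.7 Verification
Lab 8 ACL configuration on H3C Ethernet switches
8.1 Background knowledge
8.2 Objective
8.3 Content
8.4 Network topology
8.5 Configuration steps
8.6 Verification
Lab 1 Basic operation of H3C Ethernet switches
Note: H3C Ethernet switches use the unified software platform VRP, so the switch commands are exactly the same.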

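1.1 Background knowledge
Understand the basics of switches and the basic principles of how they work.

Read the H3C S7500 Series Ethernet Switch Operation Manual.

1.2 Objective
Through the following examples, learn to operate the switch through the serial port and perform basic configuration of the switch ports; be able to view what has been configured; learn how to reset the password.
Lab content
Connect to the 7506 switch with a serial cable, configure the 7506 switch, configure the 7506 switch ports and view the configuration information, and set the 7506 switch password.
Lab equipment
One 7506, one PC, one serial cable, one straight-through network cable
1.3 Network topology
1.4 Configuration steps
1.4.1 Serial port configuration
Debugging and configuration of the H3C 7506 is generally done through a Console port connection, which uses VT100 terminal mode. The following uses the HyperTerminal tool provided by the Windows operating system as an example.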

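1. After the PC and the H3C 7506 are correctly cabled, click [Start → Programs → Accessories → Communications → HyperTerminal] to start a HyperTerminal connection, as shown in Figure 1.4-1.
Figure 1.4-1 HyperTerminal connection
2. When the dialog in Figure 1.4-2 appears, enter the requested location information: the country/region code, the area code, and the number used to dial an outside line.
Figure 1.4-2 Location information
3. When the [Connection Description] dialog box pops up, enter a name for the new connection and select an icon for it, as shown in Figure 1.4-3.
Figure 1.4-3 New connection
4. According to the serial port that the configuration cable is connected to, select COM1 as the serial port for the connection (choose the serial port that the PC actually uses), as shown in Figure 1.4-4.
Figure 1.4-4 Connection configuration
5. Set the port properties of the selected serial port. The port properties mainly include the following: baud rate "9600", data bits "8", parity "None", stop bits "1", flow control "None", as shown in Figure 1.4-5.
Figure 1.4-5 Port property settings
After checking that all the parameters set above are correct, power on the H3C 7506. It initializes the system, and you can then enter configuration mode to operate it.

When the Ethernet switch is powered on, the terminal displays the device self-test information. After the self-test ends, the user is prompted to press Enter, after which the command line prompt (such as <H3C>) appears.

Step 4: Enter commands to configure the Ethernet switch or view its running status.

For help, type "?" at any time. For the specific configuration commands, see the later chapters of this book.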

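1.4.2 Viewing the configuration and logs
The switch configuration can be viewed in all modes.

Run the display current-configuration command to see the full system configuration. In global configuration mode, use the saveconfig command to save the configuration.

To view terminal monitoring and switch log information, do the following:
[H3C] display interface // available in every mode that allows display commands; shows the interface status
[H3C] display mac-address // available in every mode that allows display commands; shows the mac-address information
[H3C] display log // available in every mode that allows display commands; shows the log information
1.4.3 Setting passwords
Because every function of the device can be operated from global configuration mode, the password for entering global configuration mode is very important. In real deployments the password for entering global configuration mode must always be changed. For example:
<H3C> system-view // enter global configuration mode
password:***** // enter the password for global configuration mode; by default there is no password
[H3C] // now in global configuration mode
To make the device easier to maintain, the login user name or password sometimes needs to be changed. Configure this as follows:
[H3C] user-interface aux 0 // enter AUX user interface view
[H3C-ui-aux0] authentication-mode password // require Password authentication for users logging in to the switch through the Console port
[H3C-ui-aux0] set authentication password simple 123456 // store the user's authentication password in plaintext; the password is 123456
Basic port configuration and viewing port information
The following configures the basic port parameters on the H3C 7506, such as auto-negotiation, duplex mode, speed and flow control. Port parameters are configured in global configuration mode.

[H3C] interface ethernet2/0/1 // enter port Ethernet2/0/1
[H3C-Ethernet2/0/1] undo shutdown // enable port 1
[H3C-Ethernet2/0/1] undo duplex auto // disable auto-negotiation on port 1
[H3C-Ethernet2/0/1] duplex full // set port 1 to full duplex
[H3C-Ethernet2/0/1] speed 10 // set the speed of port 1 to 10M
[H3C-Ethernet2/0/1] jumboframe enable // allow jumbo frames through the current port
Use the display command to view information about the port.

[H3C] display interface ethernet2/0/1 // show the configuration and working status of port 1
1.5 Verification
Log out and log in again to verify that the password configuration is correct.

The other settings can be checked with display commands.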
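The password settings from 1.4.3 can also be checked mechanically in a saved configuration. The following is an added example, not part of the original manual: it parses the user-interface blocks of a configuration dump and flags login without authentication and passwords stored with the simple keyword. The sample configuration and the MIN_LENGTH threshold are constructed assumptions.

```python
import re

# Constructed sample in the style of `display current-configuration` output;
# it is not taken from a real device.
SAMPLE_CONFIG = """\
user-interface aux 0
 authentication-mode password
 set authentication password simple 123456
user-interface vty 0 4
 authentication-mode none
#
interface Ethernet2/0/1
 duplex full
"""

MIN_LENGTH = 8  # assumed local policy value, not an H3C default


def audit_user_interfaces(config_text):
    """Return (user-interface, finding) tuples for weak login settings."""
    findings = []
    section = None  # user-interface block currently being read
    for raw in config_text.splitlines():
        if raw.startswith("user-interface "):
            section = raw.strip()
            continue
        if not raw.startswith(" "):
            section = None  # any other top-level line ends the block
            continue
        if section is None:
            continue
        line = raw.strip()
        mode = re.match(r"authentication-mode\s+(\S+)", line)
        if mode and mode.group(1) == "none":
            findings.append((section, "login requires no authentication"))
        pw = re.match(r"set authentication password simple\s+(\S+)", line)
        if pw:
            findings.append((section, "password stored in plaintext"))
            if len(pw.group(1)) < MIN_LENGTH or pw.group(1).isdigit():
                findings.append((section, "password is short or digits only"))
    return findings


if __name__ == "__main__":
    for name, finding in audit_user_interfaces(SAMPLE_CONFIG):
        print(f"{name}: {finding}")
```

A user interface configured with authentication-mode scheme and no simple password produces no findings.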

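Lab 2 VLAN configuration on H3C Ethernet switches
2.1 Background knowledge
Understand the basics of switches, the basic principles of how they work, and the principles of VLANs.

2.2 Objective
Master the configuration and use of VLANs on H3C series switch products.
2.3 Content
Configuring VLAN services
2.4 Equipment
One 7506, two PCs, three straight-through network cables, one serial cable
2.5 Topology
Create VLAN2 and VLAN3 and set the description string of VLAN2 to home. Add ports Ethernet2/0/1 and Ethernet2/0/2 to VLAN2, and add ports Ethernet2/0/3 and Ethernet2/0/4 to VLAN3.

2.6 Configuration steps
The configuration of switch A is as follows:
[H3C] vlan 2 // create VLAN2 and enter its view
[H3C-vlan2] description home // set the description string of VLAN2 to home
[H3C-vlan2] port Ethernet 2/0/1 Ethernet 2/0/2 // add ports Ethernet2/0/1 and Ethernet2/0/2 to VLAN2
[H3C-vlan2] vlan 3 // create VLAN3 and enter its view
[H3C-vlan3] port Ethernet 2/0/3 Ethernet 2/0/4 // add ports Ethernet2/0/3 and Ethernet2/0/4 to VLAN3
2.7 Verification
1. PC-1 and PC-2 can communicate (within the same VLAN)
2. PC-1 and PC-2 cannot communicate (not within the same VLAN)
Lab 3 Link aggregation configuration on H3C Ethernet switches
3.1 Background knowledge
Understand the principles of link aggregation and the LACP protocol.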

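3.2 Objective
Master the configuration and use of link aggregation on H3C switches.

3.3 Content
Learn aggregation configuration
3.4 Equipment
Two 7506, four straight-through network cables, two PCs, one serial cable
3.5 Network topology
3.6 Configuration steps
Only the configuration of Switch A is listed below. Switch B must be configured correspondingly for the aggregation to actually take effect:
● Manual aggregation:
# Create manual aggregation group 1.

<H3C> system-view
System View: return to User View with Ctrl+Z
[H3C] link-aggregation group 1 mode manual
# Add Ethernet ports Ethernet2/0/1 to Ethernet2/0/3 to aggregation group 1.

[H3C] interface ethernet2/0/1
[H3C-Ethernet2/0/1] port link-aggregation group 1
[H3C-Ethernet2/0/1] interface ethernet2/0/2
[H3C-Ethernet2/0/2] port link-aggregation group 1
[H3C-Ethernet2/0/2] interface ethernet2/0/3
[H3C-Ethernet2/0/3] port link-aggregation group 1
● Static LACP aggregation:
# Create static aggregation group 1.

[H3C] link-aggregation group 1 mode static
# Add Ethernet ports Ethernet2/0/1 to Ethernet2/0/3 to aggregation group 1.

[H3C] interface ethernet2/0/1
[H3C-Ethernet2/0/1] port link-aggregation group 1
[H3C-Ethernet2/0/1] interface ethernet2/0/2
[H3C-Ethernet2/0/2] port link-aggregation group 1
[H3C-Ethernet2/0/2] interface ethernet2/0/3
[H3C-Ethernet2/0/3] port link-aggregation group 1
● Dynamic LACP aggregation:
# Enable the LACP protocol on Ethernet ports Ethernet2/0/1 to Ethernet2/0/3.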
