Advanced Switching Training

PT SIDOLA - PT DIRGANTARA INDONESIA


2016
SCENARIO
Agenda
Day 1
Install and Configure HPN Simulator
Intelligent Resilient Framework (IRF)
Link Aggregation (LAG)
Virtual LAN (VLAN) - SuperVLAN SubVLAN
Access Control List (ACL)
Agenda

Day 2
Policy Based Routing (PBR)
Quality of Service (QoS)
Access Control (Configuration tracking with TACACS+)
Device Management (Configuration Backup / Restore)
DHCP Snooping
ARP Attack Protection
Loop Protection
HP Networking Simulator
HP Network Simulator is an ideal Comware v7 learning tool that allows users to create, configure, and connect simulated networks

Test HP Comware network device configurations before they are deployed

HP network devices (switches and routers) running the Comware v7 OS

Simulated devices currently available: the HP A5820 switch and the MSR36 router
Simulated Network
H3C Cloud Simulator
H3C Cloud Simulator - Add Switch
H3C Cloud Simulator - Starting Up Switch
H3C Cloud Simulator - Accessing CLI
H3C Cloud Simulator - Switch Console
H3C Cloud Simulator - Connecting switch to external device
HP Intelligent Resilient Framework (IRF)
HP IRF
IRF consolidates multiple physical switches so that they appear to the rest of the network as a single logical IRF fabric domain.

Up to four HP A5500-HI switches can form a single virtual IRF fabric

Within an IRF domain, the master switch distributes the relevant configuration and protocol information to the other switches in the IRF domain

Switches within an IRF domain can be deployed across multiple data centers up to 70 kilometers apart

IRF uses an "active/active" design that enables switches to forward traffic on all ports
HP IRF Terminology
IRF Member Role
IRF uses two member roles: master and slave.

IRF Member ID
An IRF fabric uses member IDs to uniquely identify and manage its members.

IRF Logical Port
An IRF port is a logical interface for the connection between IRF member devices. Every IRF-capable device supports two IRF ports. The IRF ports are named IRF-port n/1 and IRF-port n/2, where n is the member ID of the switch.

IRF Physical Port
Physical IRF ports connect IRF member devices and must be bound to an IRF logical port.

IRF Domain ID
One IRF fabric forms one IRF domain. IRF uses IRF domain IDs to uniquely identify IRF fabrics and prevent IRF fabrics from interfering with one another.
IRF Terminology
IRF Configuration Task List
IRF Lab
Install HPN Simulator

Create simulation

Run simulation

Configure IRF

Verify and Test Configuration


Lab Layout
IRF LAB Schema
Link Aggregation
Ethernet link aggregation bundles multiple physical Ethernet links into one logical link, called an aggregate link

Link aggregation is implemented by combining Ethernet interfaces into a link aggregation group

Each link aggregation group has one logical aggregate interface

Aggregation State
Selected: A Selected port can forward user traffic

Unselected: An Unselected port cannot forward user traffic

Aggregation Mode
Dynamic: Link aggregation uses LACP (Link Aggregation Control Protocol)

Static: Link aggregation does not use LACP
Link Aggregation LAB - Static
Link Aggregation LAB - Dynamic
VLAN - SuperVLAN - SubVLAN
Inter-VLAN communication is achieved by configuring an IP address on the Vlanif interfaces

The IP address on a VLAN interface cannot be used by a client. If a network has a large number of VLANs, it will require an excessive number of IP addresses

The concept of super-VLANs was introduced to save IP address space

A super-VLAN is a group of sub-VLANs. It has a VLAN interface, but no physical ports can be added to it.

A sub-VLAN has physical ports but no IP address assigned to the Vlanif interface

Inter-VLAN communication between sub-VLANs is achieved through the IP address on the super-VLAN's Vlanif interface
Super-VLAN Sub-VLAN Lab
Isolate-user-VLAN
An isolate-user-VLAN uses a two-tier VLAN structure

Both tiers, the isolate-user-VLAN and the secondary VLANs, are configured on the same device

Isolate-user-VLANs are mainly used for upstream data exchange

The upstream device identifies only the isolate-user-VLAN and not the secondary VLANs

Isolate-user-VLANs simplify network configuration and save VLAN resources
Isolate-user-VLAN Lab
Access Control List (ACL)
An access control list (ACL) is a set of rules (permit or deny statements) for identifying traffic based on criteria such as source IP address, destination IP address, and port number

ACLs are primarily used for packet filtering

A packet filter drops packets that match a deny rule and permits packets that match a permit rule
ACL Categories
ACL Match Order
ACL rules are sorted in a specific order

When a packet matches a rule, the device stops the match process and performs the action defined in the rule

ACL rules are sorted in ascending order of rule ID

ACL Lab
Lab Scenario
Host A can telnet to the switch only during working hours (8:30 to 18:00 on every working day)

As a TFTP client, the switch can get files only from the server 11.1.1.100. This makes sure that the switch saves only authorized files

As an FTP server, the switch accepts login requests only from the NMS
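
One way to configure the three lab requirements above on a Comware v7 switch, as an added example rather than the configuration from the original slides. The Host A address 192.0.2.10 and the NMS address 192.0.2.20 are constructed placeholders, as are the ACL numbers and the time-range name; newer Comware v7 releases also accept `acl basic 2000` in place of `acl number 2000`.

```comware
# Time range for working hours: 8:30 to 18:00, Monday through Friday.
time-range work 8:30 to 18:00 working-day
#
# ACL 2000: Telnet logins are permitted from Host A only, and only while
# the time range is active. 192.0.2.10 is a constructed placeholder for
# Host A; the wildcard 0 matches that single host address.
acl number 2000
 rule 0 permit source 192.0.2.10 0 time-range work
 quit
telnet server enable
telnet server acl 2000
#
# ACL 2001: as a TFTP client, the switch may contact only server 11.1.1.100.
acl number 2001
 rule 0 permit source 11.1.1.100 0
 quit
tftp-server acl 2001
#
# ACL 2002: the FTP server on the switch accepts logins only from the NMS.
# 192.0.2.20 is a constructed placeholder for the NMS.
acl number 2002
 rule 0 permit source 192.0.2.20 0
 quit
ftp server enable
ftp server acl 2002
#
# Verify the rules and check whether the time range is currently active.
display acl 2000
display time-range work
```

Each ACL holds a single permit rule; a source that matches no permit rule, or that matches the Host A rule while the time range is inactive, is refused by the service the ACL is attached to.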
ACL LAB